Open
Cached
·
just now
93/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=North Carolina, L=Charlotte, O=Tradier Inc., CN=*.tradier.com
Issuer
C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
Valid From
February 28, 2025
Valid Until
March 01, 2026
59 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
98:34:AF:C2:A7:33:E2:E4:13:58:E4:D0:24:3A:2E:D4:4D:66:98:F9:0D:AE:4C:3F:DF:79:44:3E:BA:6E:51:FC
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Strong
default-src; script-src; script-src-elem; +8 more
default-src 'self' *.tradier.com; script-src 'self' connect.facebook.net www.google.com www.gstatic.com www.googletagmanager.com; script-src-elem 'self' www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com va.vercel-scripts.com/v1/script.debug.js vercel.live/_next-live/feedback/feedback.js connect.facebook.net d7zve4d3u0dfm.cloudfront.net/production/RHb02cf4bc2e.js 'sha256-1e5RR2OpHhuX2h0Bat19DsNTmqbo4M3T1pqfeTXCHaA=' 'sha256-kEJ5aQMa02EiDjc71j+UBRflqEvTIegPY59+Mem27gw=' 'sha256-Zgt8BlRLx38o8UsFXEFmnzyAwwsuj14TY+UESua2NVQ='; connect-src 'self' *.tradier.com *.sentry.io *.mixpanel.com *.google.com www.facebook.com *.doubleclick.net app.referralhero.com/widget/MFbee47ca5d9/post; img-src 'self' data: www.gstatic.com *.facebook.com; style-src 'self' fonts.googleapis.com; base-uri 'self'; form-action 'self'; font-src 'self' fonts.gstatic.com data:; frame-src 'self' www.google.com www.gstatic.com *.doubleclick.net; report-uri https://o1900.ingest.sentry.io/api/6055222/security/?sentry_key=3c6c5c328c474127b6cd6de5bdc2a944
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Not Authorized
(Potential misconfiguration)
Authorized CAs
CAA Issues
- • CRITICAL: Current certificate issuer 'C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1' is NOT authorized by CAA records. Authorized CAs: sectigo.com, globalsign.com, letsencrypt.org
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- • Consider adding 'issuewild' records to control wildcard certificate issuance