Open
Cached
·
just now
83/100
SECURITY SCORE
Certificate Information
Subject
CN=auth.visa.com
Issuer
C=US, O=CLOUDFLARE, INC., CN=Cloudflare TLS Issuing ECC CA 1
Valid From
September 27, 2025
Valid Until
September 27, 2026
249 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
D1:B1:1A:76:32:C0:4E:CC:AE:B5:C8:0D:9D:D2:92:BF:B1:B3:B9:87:E9:97:31:DC:7A:20:D9:35:8D:2D:9D:9F
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=264310; preload
Content-Security-Policy
Strong
sandbox; default-src; script-src; +8 more
sandbox allow-same-origin allow-scripts allow-popups allow-forms allow-downloads; default-src 'self' https://*.google.com www.googletagmanager.com https://*.visa.com https://secure-devicefp.visa.com; script-src 'self' 'nonce-ad687163ce6c6a1178a01c57d51392b2' 'sha256-+Fnrytc0auXebqZajw//d6h4ObaYkU4QVDSEnDC9laQ=' 'sha256-Q1fM7lfwt8JAotJmA+XqZr1BWkTJgf/rSZ4w/0sLd78=' 'sha256-f344ab6241cca872f08c63fbb8f7911e8b29d325076cae771ea2da52f47d3f8d' https://*.google.com www.googletagmanager.com; img-src 'self' https://*.visa.com https://*.google.com www.googletagmanager.com; style-src 'self' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-2PXgIZV8QluJYDPhqvPZatN5b7b1NJa/zLlC+3Vmjao=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-bqH8xh9X3MRI6URpfDxiO6vuDvnANpURolksRf+a03E=' 'sha256-mgTbHK+zKhqRz5Y5kCTBSv5kqDJcT3hBDHUZabBnils=' 'sha256-TXmLHr3wgnY2hpcN4XbelEHvrUYcvnJaig4stkY8zhY=' 'sha256-Z4l+OyBWWJsdpbGe53cl+/CSpQ45jyXBqy68UCKtzq0=' 'sha256-yI33gHPTgqSSNwsR7PIE4ysEu0kz8lbDeCIMlMvoe8k=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-BIF8g/Yy8tQWDAZx7+G+OOOOtshfGzffchW3VfILKJE=' 'sha256-NEc0/F2KAJDIIN38ZiWcRpAXNxEpANVnDLE/O6q8YQI=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-UmO7LQ+hYNiQbIwHl5oLhOWo/8cI0vmaGlCphGxrYj0=' 'sha256-duZOQxG3rKvHmr3rLE9WtZHYc1Rjl9zQLv42Ux9X48o=' 'nonce-ad687163ce6c6a1178a01c57d51392b2' https://*.google.com www.googletagmanager.com; font-src 'self' https://*.visa.com data:; connect-src https://*.google.com www.googletagmanager.com https://www.google-analytics.com https://*.visa.com https://secure-devicefp.visa.com; object-src 'none'; base-uri 'self'; form-action 'self' *.visa.com; frame-ancestors none;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports