Open
Cached
·
just now
91/100
SECURITY SCORE
Certificate Information
Subject
CN=avevaselect.com.br
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
December 17, 2025
Valid Until
March 17, 2026
62 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
C9:4D:66:18:74:6F:3D:AE:1B:54:3F:C2:40:4A:13:57:1F:B4:F2:BD:74:5E:91:E0:16:86:CE:01:E0:35:84:AC
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15552000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +11 more
default-src 'self' *.vimeo.com; script-src 'self' mkt.avevaselect.com.br paragon.com.br mkt.paragon.com.br conteudo.paragon.com.br ams.wpml.org js.stripe.com snap.licdn.com optin.safetymails.com www.google.com www.youtube.com www.gstatic.com 'unsafe-inline' cdnjs.cloudflare.com 'unsafe-eval' data: platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' conteudo.paragon.com.br mkt.paragon.com.br mkt.avevaselect.com.br 'unsafe-inline' ams.wpml.org cdnjs.cloudflare.com *.vimeocdn.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' conteudo.paragon.com.br mkt.avevaselect.com.br ps.w.org s.w.org px.ads.linkedin.com px4.ads.linkedin.com secure.gravatar.com www.gravatar.com api.webnus.site storage.googleapis.com data: blob: ams.wpml.org google-analytics.com toolset.com wpml.org www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' mkt.avevaselect.com.br mkt.paragon.com.br conteudo.paragon.com.br www.google.com px.ads.linkedin.com cdnjs.cloudflare.com ams.wpml.org *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; frame-src 'self' paragon.com.br mkt.avevaselect.com.br mkt.paragon.com.br conteudo.paragon.com.br forms.office.com js.stripe.com www.google.com ams.wpml.org cdnjs.cloudflare.com www.instagram.com *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com maps.google.com; child-src 'self' mkt.paragon.com.br mkt.avevaselect.com.br paragon.com.br conteudo.paragon.com.br cdnjs.cloudflare.com *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; base-uri 'self' ; form-action 'self' mkt.avevaselect.com.br conteudo.paragon.com.br ams.wpml.org; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
private-state-token-redemption=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com"),private-state-token-issuance=(self "https://www.google.com" "https://www.gstatic.com" "https://recaptcha.net" "https://challenges.cloudflare.com" "https://hcaptcha.com")
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports