Security Score: 92/100
Certificate Information
Subject: CN=*.bcu.ac.uk
Issuer: C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA DV R36
Valid From: September 23, 2025
Valid Until: September 23, 2026 (254 days)
Public Key: RSA 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: E2:D2:FC:CE:DF:8F:23:C5:6B:A7:AE:45:A7:B2:26:7D:A4:0F:43:ED:7F:F9:55:23:B2:14:E6:4D:3D:6A:90:9A
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security: Excellent (max-age=63072000; includeSubDomains; preload)
Content-Security-Policy: Basic (script-src; style-src; img-src; +1 more)
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://bcucdn.azureedge.net/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://*.doubleclick.net/ https://www.youtube.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://maps.googleapis.com/ https://s.ytimg.com/ https://connect.facebook.net/ https://www.googletagservices.com/ https://www.dynamicnumbers.mediahawk.co.uk/ https://player.vimeo.com https://gt.bcu.ac.uk/ https://libanswers.bcu.ac.uk/ https://platform.twitter.com/ https://*.twimg.com/ https://www.instagram.com/ https://api3-eu.libcal.com/ https://cdn.unibuddy.co/ https://api.mapbox.com/ https://system.spektrix.com/ https://embed.expertfile.com/ https://d2mo5pjlwftw8w.cloudfront.net/ https://sjs.bizographics.com/ https://static.ads-twitter.com/ https://sc-static.net/ https://analytics.twitter.com https://*.mapbox.com https://discoveruni.gov.uk/ https://*.du-widget.com https://www.gstatic.com/ https://www.google.com/ https://snap.licdn.com https://tr.snapchat.com/ https://analytics.tiktok.com/ https://*.stackadapt.com/ https://s3.amazonaws.com/ki.js https://*.riddle.com/ https://rv-vepple-tour.web.app https://www.redditstatic.com/ https://*.clarity.ms/ https://cdn.veritonic.com/; style-src 'self' 'unsafe-inline' https://bcucdn.azureedge.net/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://platform.twitter.com/ https://*.mapbox.com https://gt.bcu.ac.uk/ https://*.stackadapt.com/; img-src 'self' data: blob: https://img.bcu.ac.uk/ https://cphfcrflaa.cloudimg.io/ https://i.ytimg.com/ https://bcuassets.blob.core.windows.net/ https://bcucdn.azureedge.net/ https://*.gstatic.com/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.co.uk/ https://adservice.google.com/ https://www.facebook.com/ https://secure.adnxs.com/ 
https://pixel.mediaiqdigital.com/ https://syndication.twitter.com/ https://*.twimg.com/ https://platform.twitter.com/ https://image.issuu.com/ https://maps.googleapis.com/ https://pool.a8723.com/ https://pool.adizio.com https://pool.admedo.com https://*.mapbox.com/ https://px.ads.linkedin.com/ https://t.co/ https://discoveruni.gov.uk/ https://*.du-widget.com https://gt.bcu.ac.uk/ https://snap.licdn.com/ https://lh3.googleusercontent.com/ https://*.stackadapt.com/ https://analytics.twitter.com/ https://alb.reddit.com/ https://*.clarity.ms/; frame-ancestors 'self' https://www.bcuinspired.com/;
X-Frame-Options: Good (SAMEORIGIN)
X-Content-Type-Options: Good (nosniff)
Referrer-Policy: Good (strict-origin-when-cross-origin)
Permissions-Policy: Missing (Not configured)
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports