92/100
SECURITY SCORE
Certificate Information
Subject
CN=blog.ometria.com
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
October 29, 2025
Valid Until
January 27, 2026
53 days remaining
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
1E:8E:D7:56:65:EC:22:17:5D:50:0C:1E:24:0A:B2:86:01:19:EB:42:4E:98:05:E8:F4:41:2F:3E:8B:08:DC:54
Alternative Names
Security Configuration
TLS Protocols
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
Warnings
- TLS 1.1 is deprecated (RFC 8996) and should be disabled
- TLS 1.0 is deprecated (RFC 8996) and should be disabled
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains;
Content-Security-Policy
Basic
base-uri 'none'; default-src 'self' https: *.ometria.com ometria.cmsassets.com *.prismic.io *.6sense.com *.typeform.com *.youtube.com https://youtu.be youtube.com *.youtube-nocookie.com *.hubspot.com *.geoplugin.net ometria.workable.com *.hotjar.com player.vimeo.com cookie-cdn.cookiepro.com www.google.com www.google.co.uk w3.org; connect-src 'self' https: ws: ometria.cmsassets.com ometria.cdn.prismic.io cookie-cdn.cookiepro.com *.analytics.google.com *.google.com *.google.co.uk *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net pagead2.googlesyndication.com *.6sense.com *.adroll.com *.ads.linkedin.com *.hubapi.com *.hubspot.com *.hsforms.com api.hsforms.com js.hs-scripts.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.hotjar.io *.6sc.co *.hotjar.com secure.adnxs.com geolocation.onetrust.com c.6sc.co ib.adnxs.com cookiepro.blob.core.windows.net; font-src 'self' https: data:; form-action 'self' forms.hsforms.com api.hsforms.com; frame-ancestors 'self' ometria.prismic.io; frame-src 'self' ometria.prismic.io youtu.be youtube.com *.youtube-nocookie.com *.youtube.com *.hsforms.net *.hsforms.com *.google.com *.googletagmanager.com td.doubleclick.net; img-src 'self' data: blob: ometria.cmsassets.com ometria.cdn.prismic.io *.prismic.io *.cookiepro.com *.hsforms.net *.hsforms.com track.hubspot.com px.ads.linkedin.com *.google.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net ssl.gstatic.com www.gstatic.com www.facebook.com; manifest-src 'self'; media-src 'self' ometria.cmsassets.com ometria.cdn.prismic.io; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'nonce-kOd97YjSeM4CS8y7qFgrjQ==' *.prismic.io *.hsforms.net *.hsforms.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com cookie-cdn.cookiepro.com *.typeform.com *.facebook.net www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.co.uk *.googletagmanager.com tagmanager.google.com www.gstatic.com www.google-analytics.com secure.easy7bear.com s.adroll.com *.hotjar.com d.adroll.com j.6sc.co snap.licdn.com; upgrade-insecure-requests; worker-src 'self'; child-src 'self' *.hsforms.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Present
accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Recommendations
- Consider adding 'preload' to HSTS. Preloading is done through hstspreload.org for the registrable domain (ometria.com), which requires max-age of at least 31536000, includeSubDomains and the preload token on that domain's own header, so it must be coordinated across every ometria.com host rather than set on the blog alone.
- Tighten the CSP. script-src already pairs a nonce with 'strict-dynamic', so CSP3 browsers ignore its 'unsafe-inline', 'https:' and host entries; those only serve as a fallback for older browsers. The remaining weak points are 'unsafe-inline' in style-src and the 'https:' scheme source in default-src, style-src, font-src and connect-src (plus 'ws:' in connect-src), which permit any HTTPS or WebSocket origin and make the host allowlists in those directives moot. Replace the scheme sources with the specific origins actually needed and move inline styles to nonces or hashes.
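The two recommendations above can be checked mechanically. The following is an added example, not part of the scanner's output or Ometria's code: it parses a Content-Security-Policy and a Strict-Transport-Security header and reports the same patterns the scan flags, including the fact that 'strict-dynamic' with a nonce makes the fallback sources in script-src inert in CSP3 browsers. The CSP constant is a constructed excerpt of the policy shown above, cut down to the directives the findings turn on; the severity labels are this example's own.

```python
import re

# Constructed excerpts of the headers in the scan above. The CSP is cut down to the
# directives the findings turn on; the full policy is the one printed in the report.
HSTS = "max-age=31536000; includeSubDomains;"
CSP = (
    "base-uri 'none'; "
    "default-src 'self' https: *.ometria.com ometria.cmsassets.com; "
    "object-src 'none'; script-src-attr 'none'; "
    "style-src 'self' https: 'unsafe-inline'; "
    "script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-inline' 'strict-dynamic' "
    "'nonce-kOd97YjSeM4CS8y7qFgrjQ==' *.prismic.io www.googletagmanager.com; "
    "upgrade-insecure-requests"
)

FETCH_DIRECTIVES = {"default-src", "script-src", "style-src", "img-src", "connect-src",
                    "font-src", "frame-src", "media-src", "worker-src", "child-src"}


def parse_csp(header):
    """Return {directive: [source expressions]}; a repeated directive keeps its first occurrence (CSP3)."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _has_nonce_or_hash(sources):
    return any(re.match(r"'(nonce-|sha(256|384|512)-)", s) for s in sources)


def audit_csp(header):
    """Return (severity, directive, message) findings for the patterns the scan flags."""
    policy = parse_csp(header)
    findings = []
    script = policy.get("script-src", policy.get("default-src", []))
    strict = "'strict-dynamic'" in script and _has_nonce_or_hash(script)
    if strict:
        # CSP3: with 'strict-dynamic' plus a nonce/hash, 'self', 'unsafe-inline', scheme
        # and host sources are ignored, so they only matter to pre-CSP3 browsers.
        ignored = sorted({s for s in script if s in ("'self'", "'unsafe-inline'") or not s.startswith("'")})
        findings.append(("info", "script-src", "fallback-only sources ignored by CSP3 browsers: " + " ".join(ignored)))
    elif "'unsafe-inline'" in script:
        findings.append(("high", "script-src", "'unsafe-inline' without a nonce/hash permits injected inline scripts"))
    style = policy.get("style-src", policy.get("default-src", []))
    if "'unsafe-inline'" in style and not _has_nonce_or_hash(style):
        findings.append(("medium", "style-src", "'unsafe-inline' permits injected inline CSS"))
    for directive in sorted(policy.keys() & FETCH_DIRECTIVES):
        if "https:" in policy[directive] and not (directive == "script-src" and strict):
            findings.append(("medium", directive, "'https:' allows any HTTPS origin, so the host allowlist adds nothing"))
    for directive in ("object-src", "base-uri"):
        if policy.get(directive) != ["'none'"]:
            findings.append(("medium", directive, "should be 'none'"))
    return findings


def audit_hsts(header):
    """Parse Strict-Transport-Security and report the header-side preload conditions."""
    fields = {}
    for part in header.split(";"):
        name, _, value = part.strip().lower().partition("=")
        if name:
            fields[name] = value
    max_age = int(fields.get("max-age", "0"))
    include_sub = "includesubdomains" in fields
    preload = "preload" in fields
    # hstspreload.org also requires the submission to be the registrable domain
    # (ometria.com), which then covers every subdomain; a single host cannot be preloaded.
    return {
        "max_age": max_age,
        "include_subdomains": include_sub,
        "preload": preload,
        "preload_eligible": max_age >= 31536000 and include_sub and preload,
    }


if __name__ == "__main__":
    for severity, directive, message in audit_csp(CSP):
        print(f"[{severity:6}] {directive}: {message}")
    print(audit_hsts(HSTS))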
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain. A record set on ometria.com covers blog.ometria.com and every other subdomain that has no CAA of its own, so it only needs to be published once at the registrable domain.
- This adds an extra layer of security against unauthorized certificate issuance; note that CAA is checked by the CA at issuance time only and does not affect already-issued certificates.
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'. The record must name the CA that actually issues for the site: the current certificate is from Google Trust Services, whose CAA identity is "pki.goog", so a record allowing only letsencrypt.org would block renewal of the existing certificate.
- Consider adding an 'iodef' record (for example 'CAA 0 iodef "mailto:security@example.com"') to receive reports of issuance requests that were refused.
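To show how a CA evaluates CAA, here is an added example (not part of the scan output or Ometria's DNS) that implements the RFC 8659 lookup: climb from the requested name towards the root, use the first CAA set found, then match the CA's identity against the issue (or issuewild) values. The three record sets are constructed; the recommended one assumes Google Trust Services keeps issuing (CAA identity "pki.goog") and uses a made-up iodef address.

```python
# Constructed zone data standing in for DNS answers. The scan found no CAA for
# blog.ometria.com; the other two record sets are hypothetical illustrations.
NO_CAA = {}
LETSENCRYPT_ONLY = {"ometria.com.": [(0, "issue", "letsencrypt.org")]}
RECOMMENDED = {"ometria.com.": [
    (0, "issue", "pki.goog"),                      # Google Trust Services, the current issuer
    (0, "issuewild", ";"),                         # no wildcard certificates from any CA
    (0, "iodef", "mailto:security@ometria.com"),   # assumed reporting address, not verified
]}


def relevant_caa(zone, name):
    """RFC 8659 s3: walk from the name towards the root and use the first CAA RRset found."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if zone.get(candidate):
            return candidate, zone[candidate]
    return None, []


def ca_may_issue(zone, name, ca_domain, wildcard=False):
    """Decide whether a CA identified by ca_domain may issue for name (RFC 8659 s4.2/4.3)."""
    _, records = relevant_caa(zone, name)
    if not records:
        return True  # no CAA anywhere up the tree: issuance is unrestricted
    tags = [tag for _, tag, _ in records]
    # issuewild governs wildcard requests when present; otherwise issue applies to both.
    tag = "issuewild" if wildcard and "issuewild" in tags else "issue"
    # A value may carry parameters after ';' (e.g. validationmethods); only the domain matters here.
    allowed = [value.split(";")[0].strip().lower() for _, t, value in records if t == tag]
    if not allowed:
        return True  # RRset holds no issue restriction for this request (e.g. iodef only)
    return ca_domain.lower() in allowed


def zone_lines(zone):
    """Render the record set in zone-file syntax, the form the report's example uses."""
    return [f'{name} CAA {flags} {tag} "{value}"'
            for name, recs in zone.items() for flags, tag, value in recs]


if __name__ == "__main__":
    print("\n".join(zone_lines(RECOMMENDED)))
    for label, zone in (("no CAA", NO_CAA), ("letsencrypt only", LETSENCRYPT_ONLY), ("recommended", RECOMMENDED)):
        print(label, "-> pki.goog may issue for blog.ometria.com:", ca_may_issue(zone, "blog.ometria.com", "pki.goog"))
```

The 'letsencrypt only' case is the trap in the report's example: it stops every CA except Let's Encrypt, including the one that issued the certificate shown above, so it would fail at the next renewal.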