95/100
SECURITY SCORE
Certificate Information
Subject
CN=boxado.com
Issuer
C=US, O=DigiCert, Inc., CN=GeoTrust Global TLS RSA4096 SHA256 2022 CA1
Valid From
October 08, 2025
Valid Until
April 08, 2026
104 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
B7:E3:3F:E9:3B:CF:37:08:C8:D2:2D:69:19:AE:4D:C0:B4:A7:D6:6C:AD:75:25:92:AB:58:30:41:A4:05:5E:11
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
base-uri; font-src; form-action; +14 more
base-uri 'none';
font-src 'self' https: data:;
form-action 'self';
frame-ancestors 'self';
img-src 'self' data: blob: https: https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.facebook.com https://photon.komoot.io;
object-src 'none';
script-src-attr 'none';
style-src 'self' 'unsafe-inline' https:;
script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline' https://www.gstatic.com https://www.google.com https://apis.google.com https://accounts.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com + sha256/sha384 hash sources;
upgrade-insecure-requests;
default-src 'self';
script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://apis.google.com https://accounts.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com;
connect-src 'self' blob: https://app-boxado-api-prd-01.azurewebsites.net http://localhost:* https://connect.facebook.net https://www.facebook.com https://www.googleapis.com https://securetoken.googleapis.com https://www.google-analytics.com https://region1.google-analytics.com https://region2.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://identitytoolkit.googleapis.com https://firestore.googleapis.com https://apis.google.com https://accounts.google.com https://*.firebaseio.com https://photon.komoot.io https://stats.g.doubleclick.net https://*.hotjar.com wss://*.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://*.sentry.io https://*.ingest.sentry.io;
frame-src 'self' https://*.firebaseapp.com https://*.boxado.com https://boxado.com https://www.facebook.com https://www.youtube.com https://*.firebaseio.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://apis.google.com https://accounts.google.com;
worker-src 'self' blob:;
manifest-src 'self';
media-src 'self' blob:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=()
Recommendations
- Strengthen CSP by removing 'unsafe-eval'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports