DNS Gurus
Open Cached · just now
92/100 SECURITY SCORE

Certificate Information

Subject
UNKNOWN={:asn1_OPENTYPE, <<19, 2, 85, 83>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 8, 68, 101, 108, 97, 119, 97, 114, 101>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN=3014267, C=US, ST=California, L=San Jose, O=PayPal, Inc., CN=www.paypal.com
Issuer
C=US, O=DigiCert Inc, CN=DigiCert EV RSA CA G2
Valid From
August 05, 2025
Valid Until
August 04, 2026 246 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A6:C0:A2:30:F9:69:64:91:78:C1:B6:BD:F4:64:B7:8A:CF:17:D7:55:84:52:3F:43:97:56:68:51:CA:99:FD:6B
Alternative Names
83 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; style-src; script-src; +10 more
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
ch-ua-platform-version=(self "https://c.paypal.com"),ch-ua-arch=(self "https://c.paypal.com"),ch-ua-wow64=(self "https://c.paypal.com"),ch-ua-model=(self "https://c.paypal.com"),ch-ua-bitness=(self "https://c.paypal.com"),ch-ua-full-version=(self "https://c.paypal.com"),ch-ua-full-version-list=(self "https://c.paypal.com")
Recommendations
  • Strengthen CSP by removing 'unsafe-eval'
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

83 domains
braintreepayments.com articles.braintreepayments.com brand.braintreepayments.com developer.braintreepayments.com developers.braintreepayments.com help.braintreepayments.com support.braintreepayments.com www.braintreepayments.com www.brand.braintreepayments.com

Other domains in certificate

braintreecharge.com www.braintreecharge.com
braintreefinancial.com www.braintreefinancial.com
assets.braintreegateway.com id.braintreegateway.com js.braintreegateway.com
braintreepaymentsolutions.com www.braintreepaymentsolutions.com
id.hyperwallet.com
id.joinhoney.com
us.paypal-qrc-seller-supplies.com
de.paypal-qrc.com es.paypal-qrc.com fr.paypal-qrc.com it.paypal-qrc.com uk.paypal-qrc.com us.paypal-qrc.com
docs.paypal.ai www.paypal.ai
www.paypal.biz
m.paypal.co.uk
business.paypal.com c.paypal.com c6.paypal.com checkout.paypal.com connect.paypal.com cors.api.paypal.com creditapply.paypal.com demo.paypal.com developer.paypal.com fastlane.paypal.com financing.paypal.com fpdbs.paypal.com history.paypal.com id.paypal.com login.paypal.com m.paypal.com mobile.paypal.com onboarding.paypal.com p.paypal.com pep.paypal.com pics.paypal.com pointofsale-s.paypal.com pp-au.paypal.com pp-eu.paypal.com pp-in.paypal.com pp-us.paypal.com qwac.paypal.com safebreach.paypal.com secure.paypal.com securepayments.paypal.com ssp.paypal.com sspserv.paypal.com t.paypal.com transfer.paypal.com www-st.paypal.com www.fastlane.paypal.com www.paypal.com zettleintegrations.paypal.com
m.paypal.com.au
m.paypal.es
m.paypal.fr
m.paypal.it
paypal.me
content.paypalobjects.com www.paypalobjects.com
py.pl www.py.pl
id.venmo.com id6.venmo.com now.venmo.com
id.xoom.com
id.zettle.com