Open
Cached
·
just now
85/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=Pennsylvania, L=King of Prussia, O=CardConnect, LLC, CN=*.cardpointe.com
Issuer
C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Valid From
April 02, 2025
Valid Until
May 04, 2026
121 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
DC:62:EA:7D:17:57:E3:F4:73:92:99:72:9C:5E:1A:87:53:08:E7:80:C7:4A:43:8D:97:7E:64:2F:A5:91:63:8F
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- • TLS 1.3 is not supported (recommended)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; frame-ancestors; frame-src; +7 more
default-src 'self'; frame-ancestors 'none'; frame-src 'self' https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/bframe fast.trychameleon.com; img-src 'self' cardconnect.com *.cardconnect.com cardpointe.com *.cardpointe.com merchantinfoonline.com *.merchantinfoonline.com *.clover.com fast.trychameleon.com fast.chmln-cdn.com www.google-analytics.com data:; connect-src 'self' www.google-analytics.com maps.googleapis.com fast.trychameleon.com *.perfdrive.com https://www.google.com/recaptcha/api2/clr https://*.cardpointe.com https://*.cardconnect.com https://*.cardconnect.com:6443 https://*.cardconnect.com:8443 https://*.prinpay.com https://*.prinpay.com:6443 https://*.prinpay.com:8443; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com https://www.google.com/recaptcha/api.js https://www.gstatic.com fast.trychameleon.com *.perfdrive.com; form-action 'self'; font-src 'self' cdnjs.cloudflare.com fast.chmln-cdn.com fonts.gstatic.com; object-src 'none';
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports