SSL Certificate Analysis for cdn.wpml.org - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=cdn.wpml.org

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M04

Valid From

April 22, 2025

Valid Until

May 21, 2026 124 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

87:09:EC:17:D5:5F:46:40:72:22:09:86:DF:64:BF:C3:8E:E2:62:AF:FF:90:8C:5C:25:E0:FE:EA:A7:C6:9B:EA

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.1 TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

Warnings

• TLS 1.1 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

script-src; frame-src; object-src; +2 more

script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.otgs.work *.stripe.com *.google.com *.googletagmanager.com a.quora.com www.redditstatic.com *.doubleclick.net *.yoast.com yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com *.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net *.clarity.ms *.termly.io *.googlesyndication.com *.bing.com *.licdn.com *.posthog.com *.ads-twitter.com *.matomo.cloud; frame-src 'self' blob: *.vimeo.com *.otgs.work *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me *.termly.io *.matomo.cloud https://*.googletagmanager.com; object-src 'self'; worker-src 'self' blob: https://wpml.org https://*.otgs.work; connect-src 'self' *.wpml.org *.posthog.com https://ipinfo.io https://pagead2.googlesyndication.com https://conversions-config.reddit.com https://bat.bing.com https://bat.bing.net https://www.redditstatic.com https://*.doubleclick.net *.redditstatic.com *.reddit.com q.quora.com *.linkedin.com *.clarity.ms *.helpscout.net *.wistia.com *.termly.io d3hb14vkzrxvla.cloudfront.net *.nr-data.net *.facebook.com yoast.com *.yoast.com *.wpml.org wss://*.wpml.org https://*.wpml.org *.otgs.work wss://*.otgs.work https://*.otgs.work *.matomo.cloud https://google.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

cdn.wpml.org