SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason: Hostname Mismatch - certificate is issued for *.dnsmadeeasy.com, not for connect.loeb.com
Security Score: 85/100
Certificate Information
Subject: CN=*.dnsmadeeasy.com
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1
Valid From: April 01, 2025
Valid Until: May 02, 2026 (122 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: 22:F1:89:17:09:D2:56:17:DB:65:40:EB:81:2E:BF:8F:2A:0A:F6:BA:E5:BE:FB:40:6A:6A:39:A4:B6:9B:A9:CF
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (Status)
Strict-Transport-Security: Good (max-age=31536000; includeSubDomains)
Content-Security-Policy: Basic (base-uri; default-src; media-src; +14 more)
base-uri 'none'; default-src 'none'; media-src data: blob:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.azure.com https://cdn.deno.land https://unpkg.com https://ajax.googleapis.com https://statics.teams.microsoft.com https://secure.aadcdn.microsoftonline-p.com https://web.vortex.data.microsoft.com https://wcpstatic.microsoft.com https://consentreceiverfd-prod.azurefd.net https://shellprod.msocdn.com https://webshell.suite.office.com https://shell.cdn.office.net https://webshell.suite.officeppe.com https://shellppe.msocdn.com https://shellppe.cdn.office.net https://outlook.office365.com/ https://amcdn.msauth.net https://amcdn.msftauth.net https://atm-fp-direct.office.com https://a-ring.msedge.net https://b-ring.msedge.net https://k-ring.msedge.net https://s-ring.msedge.net https://ow1.res.office365.com https://afd-a-acdc-direct.office.com https://afd-k-acdc-direct.office.com https://acdc-direct.office.com https://gtm-dyn-direct.office365.com https://outlook.office.com https://outlook.live.com https://substrate.office.com https://r4.res.office365.com https://wusprodprv.msocdn.com https://scuprodprv.msocdn.com https://prod.msocdn.com https://*.cdn.office.net https://portal-sdf.office.com https://portal.officeppe.com https://portal.office.com; style-src 'self' 'report-sample' 'unsafe-inline' https://static2.sharepointonline.com https://shellprod.msocdn.com https://shell.cdn.office.net; img-src 'self' https://login.live.com https://storage.live.com https://webshell.suite.office.com https://res-1.cdn.office.net https://web.vortex.data.microsoft.com data: blob: https://outlook.office365.com https://shellprod.msocdn.com https://shell.cdn.office.net https://shellppe.cdn.office.net https://ow1.res.office365.com *.office365.com *.wvdselfhost.microsoft.com *.wvd.microsoft.com; connect-src 'self' https://officeclient.microsoft.com/ https://alchemysage.azurefd.net https://odc.officeapps.live.com/ https://config.edge.skype.com/ 
https://oness.microsoft.com https://onessppe.microsoft.com https://graph.microsoft.com/ https://graph.microsoft.us/ https://canary.graph.microsoft.com/ https://*.servicebus.windows.net https://*.cdn.office.net/ https://*.servicebus.usgovcloudapi.net https://*.servicebus.chinacloudapi.cn *.wvd.azure.us wss://*.wvd.azure.us https://tb.pipe.aria.microsoft.com https://config.ecs.gov.teams.microsoft.us https://petrol-int.office.microsoft.com/ https://petrol.office.microsoft.com/ https://waconafd.officeapps.live.com/ https://config.teams.microsoft.com *.events.data.microsoft.com https://web.vortex.data.microsoft.com shellprod.msocdn.com shellppe.msocdn.com *.office.com *.officeppe.com https://shell.cdn.office.net https://shellppe.cdn.office.net https://login.microsoftonline.com https://login.microsoftonline.us https://browser.pipe.aria.microsoft.com https://waconatm.officeapps.live.com https://outlook.office365.com *.wvdselfhost.microsoft.com *.wvd.microsoft.com wss://*.wvdselfhost.microsoft.com wss://*.wvd.microsoft.com https://admin-ignite.microsoft.com https://admin-sdf.microsoft.com https://admin.microsoft.com https://sip.clients.config.office.net/user/v1.0/web/policies https://clients.config.office.net/user/v1.0/web/policies *.cloud.microsoft *.microsoft.com; font-src 'self' https://static2.sharepointonline.com https://spoprod-a.akamaihd.net https://*.cdn.office.net data:; frame-src 'self' https://*.access.mcas.ms/ https://*.access.mcas-gov.ms/ https://*.access.mcas-gov.us/ https://support.microsoft.com/ https://amcdn.msftauth.net https://customervoice.microsoft.com/ https://shellprod.msocdn.com https://webshell.suite.office.com https://webshell.suite.officeppe.com https://login.microsoftonline.com https://login.microsoftonline.us https://outlook.office.com https://outlook.office365.us/ https://eu-mobile.events.data.microsoft.com https://browser.events.data.microsoft.com https://webshell.suite.office365.us/ *.sharepoint.com/ https://www.yammer.com/; child-src 'self' 
https://shellprod.msocdn.com https://webshell.suite.office.com https://webshell.suite.officeppe.com; worker-src 'self'; form-action 'none'; object-src 'self'; block-all-mixed-content; manifest-src 'self'; report-uri https://edge.skype.net/r/c;frame-ancestors 'self';
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Good (nosniff)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports