SSL Certificate Analysis for coolblue.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=coolblue.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

January 07, 2026

Valid Until

April 07, 2026 85 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

CD:59:04:F5:25:EC:DB:DB:D4:29:39:0C:7D:A4:CF:F3:C4:E1:44:DD:25:77:53:C5:72:95:A4:54:EB:C3:AB:92

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

default-src; script-src; script-src-elem; +13 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://unpkg.com https://snap.licdn.com https://js.hs-scripts.com https://*.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hubspot.com https://js.hsadspixel.net https://js.usemessages.com https://js.hscollectedforms.net https://analytics.bluemountain.io https://challenges.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://kit.fontawesome.com https://js.hsforms.net https://cdn-cookieyes.com https://www.cookieyes.com https://fast.wistia.com https://fast.wistia.net https://js.zi-scripts.com https://browser.sentry-cdn.com https://www.youtube.com *.cloudflare.com *.cloudflareinsights.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.googleadservices.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://unpkg.com https://snap.licdn.com https://js.hs-scripts.com https://*.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hubspot.com https://js.hsadspixel.net https://js.usemessages.com https://js.hscollectedforms.net https://analytics.bluemountain.io https://challenges.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://kit.fontawesome.com https://js.hsforms.net https://cdn-cookieyes.com https://www.cookieyes.com https://fast.wistia.com https://fast.wistia.net https://js.zi-scripts.com https://browser.sentry-cdn.com https://www.youtube.com *.cloudflare.com *.cloudflareinsights.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://challenges.cloudflare.com https://use.typekit.net https://p.typekit.net https://pro.fontawesome.com https://cdnjs.cloudflare.com https://www.bluemountain.io; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://p.typekit.net https://ka-p.fontawesome.com https://cdnjs.cloudflare.com https://pro.fontawesome.com https://cdn.jsdelivr.net data: https:; img-src 'self' data: blob: https: *.coolblue.com *.bluemountain.io bluemountain.io https://www.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://px.ads.linkedin.com https://js.hsadspixel.net https://secure.gravatar.com https://www.google.com https://www.gstatic.com https://cdn-cookieyes.com https://fast.wistia.com https://fast.wistia.net https://i.ytimg.com; connect-src 'self' https://www.bluemountain.io *.coolblue.com *.bluemountain.io *.cloudflare.com *.cloudflareinsights.com https://ws.zoominfo.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://js.zi-scripts.com https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://analytics.bluemountain.io https://www.google-analytics.com https://region1.google-analytics.com https://www.google.com https://www.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://www.googletagmanager.com https://tagmanager.google.com https://forms.hsforms.com https://js.hs-scripts.com https://*.hs-scripts.com https://px.ads.linkedin.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn-cookieyes.com https://directory.cookieyes.com https://log.cookieyes.com https://www.cookieyes.com https://api.hubapi.com https://api.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://fast.wistia.com https://fast.wistia.net https://static.hsappstatic.net https://*.hsappstatic.net https://api.usemessages.com https://*.usemessages.com https://pipedream.wistia.com https://distillery.wistia.com https://*.wistia.com https://*.wistia.net https://embed-ssl.wistia.com https://embed.wistia.com https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com https://sentry.io https://*.sentry.io https://*.ingest.sentry.io https://browser.sentry-cdn.com https://unpkg.com; worker-src 'self' blob:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://forms.hsforms.com https://challenges.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://td.doubleclick.net *.coolblue.com https://fast.wistia.com https://fast.wistia.net https://*.wistia.com; media-src 'self' blob: data: https://fast.wistia.com https://fast.wistia.net https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com https://www.youtube.com https://www.youtube-nocookie.com https://*.googlevideo.com; object-src 'none'; frame-ancestors 'self'; form-action 'self' https://forms.hsforms.com https://www.bluemountain.io; base-uri 'self'; upgrade-insecure-requests

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), microphone=(), camera=()

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

coolblue.com *.coolblue.com