SSL Certificate Analysis for creoline.com - Security Grade & TLS Configuration

Open Cached · just now

96/100 SECURITY SCORE

Certificate Information

Subject

CN=*.creoline.com

Issuer

C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA

Valid From

April 19, 2025

Valid Until

May 19, 2026 143 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

16:12:19:4C:95:6D:6E:86:40:AC:71:F2:7F:9E:8E:9C:0F:B3:20:F5:47:80:6E:E1:8B:E7:AF:6A:0E:C8:99:09

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Good

default-src; script-src; style-src; +10 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Present

geolocation=(),camera=(),microphone=(),payment=(),fullscreen=(self),usb=(),bluetooth=(),midi=(),magnetometer=(),gyroscope=(),accelerometer=(),clipboard-read=(self),clipboard-write=(self),gamepad=(),autoplay=(),web-share=(),screen-wake-lock=(),xr-spatial-tracking=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

sectigo.com digicert.com letsencrypt.org

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
• Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

2 domains

creoline.com *.creoline.com