Open
Cached
·
just now
88/100
SECURITY SCORE
Certificate Information
Subject
CN=*.bazaar.com
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q2
Valid From
June 18, 2025
Valid Until
July 20, 2026
231 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
38:FF:24:D9:D9:96:B3:02:54:D1:9B:1A:E0:78:49:C2:0F:4A:32:8B:FC:73:10:D7:6B:4A:E0:4B:72:8C:9F:03
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31557600; includeSubDomains
Content-Security-Policy
Basic
upgrade-insecure-requests; default-src; script-src; +9 more
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https: https://accounts.google.com/gsi/; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://accounts.google.com/gsi/client; style-src data: 'unsafe-inline' https: https://accounts.google.com/gsi/style; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob: https://accounts.google.com/gsi/; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self'
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
147 domains
delish.com
*.delish.com
25ans.jp
*.25ans.jp
altaonline.com
*.altaonline.com
autoweek.com
*.autoweek.com
bazaar.com
*.bazaar.com
bestproducts.com
*.bestproducts.com
bicycling.com
*.bicycling.com
biography.com
*.biography.com
bringatrailer.com
*.bringatrailer.com
caranddriver.com
*.caranddriver.com
cosmopolitan.com
*.cosmopolitan.com
countryliving.com
*.countryliving.com
crfashionbook.com
*.crfashionbook.com
drozthegoodlife.com
*.drozthegoodlife.com
elle.com
*.elle.com
elledecor.com
*.elledecor.com
ellegirl.jp
*.ellegirl.jp
esquire.com
*.esquire.com
firstfinds.com
*.firstfinds.com
fujingaho.jp
*.fujingaho.jp
gearpatrol.com
*.gearpatrol.com
gente.it
*.gente.it
ghsealapplication.com
*.ghsealapplication.com
goodhouse.com
*.goodhouse.com
goodhousekeeping.com
*.goodhousekeeping.com
*.h-cdn.co
harpersbazaar.com
*.harpersbazaar.com
hdmtech.net
*.hdmtech.net
*.hdmtools.com
*.dev.mediaos.hearst.io
*.hearst.io
*.hearstapps.com
*.cdn-test.hearstapps.net
*.cdn.hearstapps.net
*.hearstapps.net
*.mtg.cdn.hearstapps.net
*.hearstautos.net
*.hearstdigitalstudios.com
*.hearstdigitalstudios.net
hearstlabs.com
*.hearstlabs.com
hearstlive.co.uk
*.hearstmags.com
hearstmags.id
*.hearstmags.id
hotrod.com
*.hotrod.com
housebeautiful.com
*.housebeautiful.com
intelliprice.com
*.intelliprice.com
*.jumpstarttaggingsolutions.com
menshealth.com
*.menshealth.com
menshealth.it
*.menshealth.it
menshealthtravel.com
*.menshealthtravel.com
modernliving.jp
*.modernliving.jp
motortrend.com
*.motortrend.com
myio.id
*.myio.id
mylo.id
*.mylo.id
nationalgeographic.nl
*.nationalgeographic.nl
nuevoestilo.es
*.nuevoestilo.es
oprahdaily.com
*.oprahdaily.com
oprahmag.com
*.oprahmag.com
popularmechanics.com
*.popularmechanics.com
prevention.com
*.prevention.com
redbookmag.com
*.redbookmag.com
richessemag.jp
*.richessemag.jp
rnylo.com
*.rnylo.com
rnylo.id
*.rnylo.id
roadandtrack.com
*.roadandtrack.com
rodalesorganiclife.com
*.rodalesorganiclife.com
rrylo.com
*.rrylo.com
rrylo.id
*.rrylo.id
runnersworld.com
*.runnersworld.com
runnersworld.it
*.runnersworld.it
s-w-e-e-t.com
*.s-w-e-e-t.com
seventeen.com
*.seventeen.com
shopbazaar.com
www.shopbazaar.com
thepioneerwoman.com
*.thepioneerwoman.com
thepioneerwomancooks.com
*.thepioneerwomancooks.com
todays-rewards.com
*.todays-rewards.com
townandcountrymag.com
*.townandcountrymag.com
veranda.com
*.veranda.com
wearesweet.co
*.wearesweet.co
womansday.com
*.womansday.com
womenshealthmag.com
*.womenshealthmag.com
Other domains in certificate