Open
Cached
·
just now
84/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=New York, O=Ziff Davis LLC, CN=www.ziffdavis.com
Issuer
C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
Valid From
January 20, 2026
Valid Until
January 20, 2027
363 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
91:BE:1E:B6:C7:0E:CC:E7:E0:53:2A:D6:EB:1B:E7:94:5E:47:46:49:6D:CB:38:6D:1B:ED:E4:9A:AA:C4:41:25
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Weak
frame-ancestors
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Significantly strengthen CSP directives
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
60 domains
dsar.loseit.com
*.adziff.com
*.askmen.com
dsar.babycenter.com
static.blackfriday.com
castleconnolly.com
*.castleconnolly.com
dsar.castleconnolly.com
*.cnet.com
dsar.couponcodes.com
dsar.creditcardsexplained.com
dsar.dealsofamerica.com
*.doctordirectory.com
dsar.ekahau.com
*.everydayhealth.com
dsar.everydayhealthgroup.com
*.extremetech.com
dsar.formd.com
zdstatic.formd.com
zdstatic.healthecareers.com
zdstatic.healthecareersqa.com
dsar.humblebundle.com
*.ign.com
*.ittoolbox.com
*.mashable.com
*.medpagetoday.com
static.netshelter.net
zdbb.netshelter.net
cdn.nsstatic.com
cdn.nsstatic.net
dsar.offers.com
zdbb.offers.com
zdstatic.offers.com
dsar.ookla.com
*.pcmag.com
dsar.spatialbuzz.com
*.speedtest.net
*.spiceworks.com
dsar.spiceworksziffdavis.com
dsar.swzd.com
*.techbargains.com
*.toolbox.com
api.webtest.net
core.webtest.net
*.whattoexpect.com
cdn.static.zdbb.net
*.zdbb.net
static.zdcimages.com
*.zdnet.com
dsar.zdperformancemarketing.com
m.optout.ziffdavis.com
www.ziffdavis.com
*.ziffdavis.com
*.failover.ziffdavisinternational.com
*.ziffdavisinternational.com
*.ziffdavisinternet.com
static.ziffimages.com
*.ziffprod.com
*.ziffprod.net
cdn.ziffstatic.com
Other domains in certificate