Open
Cached
·
just now
91/100
SECURITY SCORE
Certificate Information
Subject
CN=durex.be
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 10, 2025
Valid Until
March 10, 2026
57 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A0:E7:32:B4:FF:6F:6C:CC:D6:2F:24:4A:A3:35:2F:9C:7D:25:09:31:88:03:8C:39:81:C3:0D:9E:9F:7A:9A:AE
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Basic
base-uri; default-src; script-src; +9 more
base-uri 'self'; default-src 'self' 'unsafe-inline' *.doubleclick.net www.facebook.com uk.cdn-net.com six.cdn-net.com *.analytics.google.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.google-analytics.com connect.facebook.net facebook.com cdn.jsdelivr.net *.doubleclick.net apps.bazaarvoice.com display.ugc.bazaarvoice.com *.pricespider.com *.mapbox.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cdnjs.cloudflare.com/ajax/libs/socket.io/2.3.0/socket.io.slim.js cdnjs.cloudflare.com/ajax/libs/handlebars.js/3.0.3/handlebars.runtime.min.js cdnjs.cloudflare.com/ajax/libs/handlebars.js/3.0.3/handlebars.min.js *.googletagmanager.com *.adimo.co *.adimouat.co 4dvq37jqcg.execute-api.eu-west-1.amazonaws.com *.mikmak.ai *.swaven.com tagmanager.google.com stats.g.doubleclick.net c.amazon-adsystem.com apis.google.com *.clarity.ms; style-src 'self' 'unsafe-inline' fonts.googleapis.com display.ugc.bazaarvoice.com cdn.pricespider.com api.tiles.mapbox.com/mapbox-gl-js/v1.8.1/mapbox-gl.css *.mikmak.ai *.swaven.com *.google-analytics.com tagmanager.google.com; object-src 'none'; form-action 'self' www.facebook.com stg.api.bazaarvoice.com; font-src 'self' data: fonts.gstatic.com *.mikmak.ai *.swaven.com *.static-swaven.com; worker-src 'self' blob:; child-src blob:; connect-src 'self' api.contentstack.com eu-api.contentstack.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com cookies-data.onetrust.io *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.google.com stats.g.doubleclick.net api.evrythng.io sgtm.durex.nl/ phx-promoplatform-api-pl-prod.promoplatform.rbcloud.io digital-lds-application-web-production.frankfurt.rbdigitalcloud.com ot-proxy-api-ch2-xdp265.m3jzw3-2.deu-c1.cloudhub.io ot-proxy-api-cf6r4v.m3jzw3-2.deu-c1.cloudhub.io *.algolia.net *.algolianet.com *.algolia.io *.gcp.cloud.es.io cognito-idp.eu-central-1.amazonaws.com stg.api.bazaarvoice.com *.pricespider.com *.tiles.mapbox.com api.mapbox.com events.mapbox.com identitytoolkit.googleapis.com firestore.googleapis.com securetoken.googleapis.com *.adimo.co *.adimouat.co 4dvq37jqcg.execute-api.eu-west-1.amazonaws.com *.mikmak.ai *.swaven.com facebook.com connect.facebook.net eu-rest-preview.contentstack.com api.evrythng.io *.clarity.ms; img-src 'self' data: eu-images.contentstack.com images.salsify.com cdn.cookielaw.org optanon.blob.core.windows.net www.facebook.com www.google.com www.google.pl network-stg-a.bazaarvoice.com *.pricespider.com cdn.jsdelivr.net/gh/lipis/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com *.doubleclick.net *.mikmak.ai *.swaven.com *.static-swaven.com stats.g.doubleclick.net ssl.gstatic.com storage.googleapis.com *.bing.com *.clarity.ms; frame-src www.tiktok.com www.instagram.com www.facebook.com www.youtube.com www.youtube-nocookie.com develop.dtukelhhqa2x2.amplifyapp.com main.dtukelhhqa2x2.amplifyapp.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ display.ugc.bazaarvoice.com stg.api.bazaarvoice.com *.doubleclick.net *.adimo.co *.adimouat.co *.mikmak.ai *.swaven.com *.contact-us-reckitt.com *.contentstack.com cdn.shopify.com
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(self), geolocation=(self), accelerometer=(self), gyroscope=(self), magnetometer=(self), microphone=(self)
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
35 domains
durex.nl
durex.co.id
www.durex.co.id
durex.com.my
www.durex.com.my
durex.com.sg
www.durex.com.sg
durex.be
durex.cl
www.durex.cl
durex.co.nz
www.durex.co.nz
durex.co.za
www.durex.co.za
durex.cz
www.durex.cz
durex.ee
www.durex.ee
durex.gr
www.durex.gr
durex.hu
durex.jp
www.durex.jp
durex.lt
www.durex.lt
durex.lv
www.durex.lv
durexandino.com
www.durexandino.com
durexcam.com
www.durexcam.com
durexme.com
www.durexme.com
durexsk.sk
www.durexsk.sk
Other domains in certificate