DNS Gurus
Open Cached · just now
77/100 SECURITY SCORE

Certificate Information

Subject
CN=elastic.co
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
October 10, 2025
Valid Until
January 08, 2026 66 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
36:B8:32:E8:2D:4D:43:69:F5:5A:9C:52:C1:6F:60:ED:A1:F7:52:31:B2:81:6A:FE:E3:D6:BA:8D:64:1C:6A:00
Alternative Names
74 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Weak
frame-ancestors
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Significantly strengthen CSP directives
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

74 domains
elastic.co appsearch.elastic.co artifacts-no-kpi.elastic.co artifacts.elastic.co benchmarks-old.elastic.co benchmarks.elastic.co blog.elastic.co build.elastic.co canvas.elastic.co charge.elastic.co community.elastic.co docs-staging.elastic.co docs.elastic.co download.elastic.co elasticon.elastic.co elasticsearch-benchmark-analytics.elastic.co elasticsearch-benchmarks.elastic.co ember.elastic.co epr-7-9.elastic.co epr-experimental.elastic.co epr-snapshot.elastic.co epr-staging.elastic.co epr.elastic.co helm-dev.elastic.co helm.elastic.co infra-cdn-director.elastic.co infra-cdn.elastic.co login.elastic.co packages.elastic.co prelert-info.elastic.co rally-tracks.elastic.co snapshots-no-kpi.elastic.co snapshots.elastic.co staging.elastic.co stats.elastic.co training.elastic.co wiki.elastic.co artifacts.security.elastic.co

Other domains in certificate

elastic.wtf www.elastic.wtf
elasticacademy.com
elasticbeats.wtf www.elasticbeats.wtf
elasticcloud.wtf www.elasticcloud.wtf
elasticloud.wtf www.elasticloud.wtf
elasticon.co www.elasticon.co
elasticon.com www.elasticon.com
elasticpartneracademy.com www.elasticpartneracademy.com
go.elasticsearch.com support.elasticsearch.com training.elasticsearch.com
elasticsearch.jp www.elasticsearch.jp
download.elasticsearch.org elasticsearch.org packages.elasticsearch.org www.elasticsearch.org
elasticsearch.wtf www.elasticsearch.wtf
infra.elstc.co
insight.io
kibana.wtf www.kibana.wtf
logstash.net www.logstash.net
logstash.wtf www.logstash.wtf
prelert.com *.prelert.com