SSL Certificate Analysis for eway.com.au - Security Grade & TLS Configuration

Open Cached · just now

79/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

DigiCert

Certificate Information

Subject

C=AU, ST=Queensland, L=Bowen Hills, O=EWAY PAYMENTS PTY LTD, CN=www.eway.com.au

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1

Valid From

February 23, 2026

Valid Until

March 26, 2027 324 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

99:5C:CD:CD:2F:ED:C6:63:70:BF:27:79:07:A7:42:CC:F5:69:25:AD:8E:EF:85:55:1F:13:27:91:45:D2:26:EB

Alternative Names

21 domains

Security Configuration

TLS Protocols

TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Weak

frame-ancestors Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

21 domains

eway.com.au www.eway.com.au

Other domains in certificate

www.eway.co.nz

au.ewaygateway.com nz.ewaygateway.com www.ewaygateway.com

api.ewaypayments.com au.ewaypayments.com nz.ewaypayments.com secure.ewaypayments.com

api.gpaunz.com connect.gpaunz.com docs.gpaunz.com *.gpaunz.com hosted.gpaunz.com sandbox.api.gpaunz.com *.sandbox.gpaunz.com sandbox.hosted.gpaunz.com

au.myeway.com nz.myeway.com

eway2admin.webactive.com.au