Open
Cached
·
just now
81/100
SECURITY SCORE
Certificate Information
Subject
C=CH, ST=Genève, O=CERN Organisation Européenne pour la Recherche Nucléaire, CN=www.cern.ch
Issuer
C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
Valid From
November 05, 2025
Valid Until
November 24, 2026
368 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
17:0D:6B:78:94:64:BC:C4:3F:F6:0F:D0:0C:82:5B:26:15:2E:11:60:97:69:F2:77:9C:B1:6B:33:9E:CF:5C:90
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
105 domains
experiments.cern
about.cern
accelerating-news.eu
acceleratingnews.eu
accelerators.cern
againstcovid19.cern
alice.cern
ams02.space
www.ams02.space
antimatter.cern
arts.cern
www.arts.cern
at.cern
atlas.cern
www.atlas.cern
awake.cern
beamlineforschools.cern
beams.cern
belgium.cern
careers.cern
aliceinfo.cern.ch
*.app.cern.ch
*.apptest.cern.ch
bulletinserv.cern.ch
cern.ch
dashb-cms-vo-feed.cern.ch
*.docs.cern.ch
groups.cern.ch
info.cern.ch
monit.cern.ch
pensionfund.cern.ch
quantum.cern.ch
root.cern.ch
search.cern.ch
*.web.cern.ch
*.webtest.cern.ch
www.cern.ch
cern.int
www.cern.int
cern70.cern
cernandsocietyfoundation.cern
chis.cern
cixp.net
www.cixp.net
clear.cern
clic.cern
cms.cern
computing.cern
cosmicrays.cern
darkmatter.cern
education.cern
engineering.cern
environment.cern
europeanstrategy.cern
flair.cern
fluka.cern
giving.cern
higgsboson.cern
home.cern
www.home.cern
hse.cern
ideasquare.cern
ifast-project.eu
internationalrelations.cern
ippog.org
isolde.cern
jobs.cern
knowledge.cern
kt.cern
learn.cern
lhc.cern
library.cern
medicis.cern
news.cern
newsroom.cern
nic.cern
norway.cern
open-quantum-institute.cern
opendays.cern
openlab.cern
openscience.cern
opensource.cern
oqi.cern
particles.cern
physics.cern
press.cern
quantum.cern
root.cern
science.cern
sciencegateway.cern
scienceinschool.org
scientific-info.cern
sparks.cern
staff-association.cern
standardmodel.cern
supersymmetry.cern
teachers.cern
technology.cern
theory.cern
united-states.cern
ventureconnect.cern
visit.cern
voisins.cern
webfest.cern
www.cern
Other domains in certificate