Open
Cached
·
just now
91/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=California, O=Proofpoint, Inc., CN=www.proofpoint.com
Issuer
C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
Valid From
August 11, 2025
Valid Until
August 11, 2026
280 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
AB:6F:B5:94:49:93:C8:4C:3D:98:0C:E4:8F:07:4B:61:F9:18:7C:33:70:F0:72:D7:E9:00:E4:24:85:60:41:AF
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; object-src; +10 more
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Not Authorized
(Potential misconfiguration)
Authorized CAs
CAA Issues
- • CRITICAL: Current certificate issuer 'C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36' is NOT authorized by CAA records. Authorized CAs: thawte.com, comodo.com
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- • Consider adding 'issuewild' records to control wildcard certificate issuance
Subject Alternative Names
57 domains
fortiva.com
www.fortiva.com
abaca.com
www.abaca.com
proofpoint.com.es
www.proofpoint.com.es
emergingthreats.net
www.emergingthreats.net
emergingthreatspro.com
www.emergingthreatspro.com
insiderthreatmanagement.com
netcitadel.com
www.netcitadel.com
nexgate.com
www.nexgate.com
proofpoint.co.jp
www.proofpoint.co.jp
proofpoint.co.uk
www.proofpoint.co.uk
blog.proofpoint.com
dev11.proofpoint.com
essentials.proofpoint.com
ipcheck.proofpoint.com
ipchecktest.proofpoint.com
jira.proofpoint.com
mobiledefense.proofpoint.com
proofpoint.com
stopemailfraud.proofpoint.com
translate.proofpoint.com
wiki.proofpoint.com
www.proofpoint.com
proofpoint.com.au
www.proofpoint.com.au
proofpoint.com.br
www.proofpoint.com.br
proofpoint.de
www.proofpoint.de
proofpoint.es
www.proofpoint.es
proofpoint.fr
www.proofpoint.fr
proofpoint.it
www.proofpoint.it
proofpoint.jp
www.proofpoint.jp
proofpoint.mx
www.proofpoint.mx
proofpoint.uk
www.proofpoint.uk
proofpointessentials.com
www.proofpointessentials.com
sendmail.com
www.sendmail.com
sigaba.com
www.sigaba.com
proofpoint.uk.com
www.proofpoint.uk.com
Other domains in certificate