Open
Cached
·
56m ago
96/100
SECURITY SCORE
Certificate Information
Subject
CN=*.forwardemail.net
Issuer
C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA DV R36
Valid From
July 01, 2025
Valid Until
August 01, 2026
200 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
AE:B7:EA:6A:E3:C7:8E:56:D0:92:59:D1:70:54:DC:B9:AC:46:BD:07:8D:CE:38:B6:ED:6E:72:70:49:A3:97:E9
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31557600; includeSubDomains; preload
Content-Security-Policy
Good
default-src; connect-src; font-src; +9 more
default-src 'self' https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* 'nonce-47368e616451ff79dcb96298a104a148'; connect-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* 'nonce-47368e616451ff79dcb96298a104a148' https://www.paypal.com https://noembed.com; font-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* 'nonce-47368e616451ff79dcb96298a104a148'; img-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* 'nonce-47368e616451ff79dcb96298a104a148' https://badge.hardenize.com https://tracking.qa.paypal.com https://www.paypalobjects.com https://github.com https://*.github.com https://githubusercontent.com https://*.githubusercontent.com https://shields.io https://*.shields.io https://ytimg.com https://*.ytimg.com; style-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* 'nonce-47368e616451ff79dcb96298a104a148' 'unsafe-inline' https://www.paypal.com https://challenges.cloudflare.com; script-src 'self' https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* 'nonce-47368e616451ff79dcb96298a104a148' 'unsafe-inline' https://challenges.cloudflare.com https://www.paypal.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* 'nonce-47368e616451ff79dcb96298a104a148' https://www.youtube.com https://*.youtube-nocookie.com https://challenges.cloudflare.com https://www.paypal.com; report-uri https://forwardemail.net/report; base-uri 'self'; form-action 'self' https://www.namecheap.com https://login.ubuntu.com
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
amazontrust.com
awstrust.com
comodoca.com
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
sectigo.com
; cansignhttpexchanges=yes
ssl.com
amazon.com
amazonaws.com
Wildcard CAs
comodoca.com
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
sectigo.com
; cansignhttpexchanges=yes
ssl.com
Incident Reporting
mailto:[email protected]
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 10 CAs - consider limiting to only the CAs you actively use