Open
Cached
·
just now
92/100
SECURITY SCORE
Certificate Information
Subject
CN=sensi.ie
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
November 07, 2025
Valid Until
February 05, 2026
71 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
DD:60:4B:B9:65:47:FE:7D:DB:9E:1D:4E:B7:6E:0F:72:75:7D:92:00:CC:F0:C9:C9:7D:14:08:D9:34:34:8B:F4
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
default-src; script-src; style-src; +10 more
default-src 'self'; script-src 'self' https://26007194.fs1.hubspotusercontent-eu1.net https://7052064.fs1.hubspotusercontent-na1.net https://static.hsappstatic.net https://cdn.weglot.com https://envipco.containers.piwik.pro https://googleads.g.doubleclick.net https://js-eu1.hscollectedforms.net https://js-eu1.hubspot.com https://js-eu1.hs-banner.com https://js-eu1.hsadspixel.net https://js-eu1.hs-analytics.net https://app-eu1.hubspot.com https://widget.datablocks.se https://widget.mfn.se https://script.hotjar.com https://static.hotjar.com https://snap.licdn.com https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com https://www.envipco.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://www.google.nl https://vimeo.com https://app.sli.do/ 'unsafe-inline' 'unsafe-hashes'; style-src 'self' https://26007194.fs1.hubspotusercontent-eu1.net https://7052064.fs1.hubspotusercontent-na1.net https://static.hsappstatic.net https://fonts.googleapis.com https://widget.datablocks.se 'unsafe-inline' 'unsafe-hashes'; img-src 'self' data: https://26007194.fs1.hubspotusercontent-eu1.net https://forms-eu1.hsforms.com https://info.envipco.com https://perf-eu1.hsforms.com https://px.ads.linkedin.com https://track-eu1.hubspot.com https://www.google.com https://static.hsappstatic.net https://widget.datablocks.se https://www.googleadservices.com https://www.google.nl https://www.googletagmanager.com https://www.google-analytics.com https://storage.mfn.se; connect-src 'self' https://cdn.weglot.com https://hub.mfn.se https://envipco.piwik.pro https://js-eu1.hs-banner.com https://px.ads.linkedin.com https://www.google-analytics.com https://region1.google-analytics.com https://widget.datablocks.se https://feed.mfn.se https://cta-eu1.hubspot.com https://content.hotjar.io https://app-eu1.hubspot.com https://forms-eu1.hsforms.com https://forms-eu1.hscollectedforms.net https://cp-eu1.hubspot.com https://api-eu1.hubapi.com wss://ws.hotjar.com https://metrics.hotjar.io https://www.google.com; font-src 'self' https://26007194.fs1.hubspotusercontent-eu1.net https://fonts.gstatic.com https://widget.datablocks.se; frame-src 'self' https://forms-eu1.hsforms.com https://play-eu1.hubspotvideo.com https://www.youtube.com https://td.doubleclick.net https://www.googletagmanager.com https://www.google.com https://platform.twitter.com https://vimeo.com https://app.sli.do/; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none';; upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports