DNS Gurus
Cached · just now
91/100 SECURITY SCORE

Certificate Information

Subject
CN=go.sovos.com
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
January 05, 2026
Valid Until
April 05, 2026 79 days
Public Key
ECDSA 256 bit (P-256) Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
0D:05:8D:3E:DC:4D:A6:8C:28:49:00:18:26:C8:9C:FE:E0:8E:A8:34:BB:1A:4E:3B:E6:2B:45:E5:7E:28:20:0B
Alternative Names
1 domains

Security Configuration

TLS Protocols
TLS 1.2
Forward Secrecy
Limited (Check cipher configuration)
Warnings
  • TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
upgrade-insecure-requests; base-uri; default-src; +10 more
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), gamepad=(), serial=()
Recommendations
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain
go.sovos.com