Security Score: 94/100
Certificate Information
Subject
CN=herohero.co
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
January 08, 2026
Valid Until
April 08, 2026
72 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
E4:92:78:FE:44:2C:A8:E5:12:EA:4C:6B:E5:59:36:52:2A:67:59:4D:EE:D9:F0:3B:82:2B:B0:E7:87:FD:8E:D4
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Weak
max-age=0; includeSubDomains; preload
Content-Security-Policy
Basic
base-uri; frame-ancestors; default-src; +7 more
base-uri 'self'; frame-ancestors 'self'; default-src 'self'; object-src 'none'; script-src 'self' 'nonce-EDNfnf03nceIOffn39fn3e9h3sdfa' 'strict-dynamic' blob: https: 'unsafe-inline' assets.mediadelivery.net *.googletagmanager.com *.google-analytics.com 'wasm-unsafe-eval'; connect-src 'self' *.doubleclick.net *.googlesyndication.com *.facebook.com *.google-analytics.com *.googletagmanager.com analytics.tiktok.com *.ezdrm.com *.gjirafa.net cdn.vpplayer.tech *.wasabisys.com *.vpplayer.net *.gjirafa.tech *.blob.gjirafa.tech ingest.eu.signoz.cloud *.sentry.io *.stripe.com *.herohero.co herohero.co *.googleapis.com *.google.cz *.google.sk *.google.com *.google.nl *.google.es www.lhinsights.com *.bunnycdn.com cdnjs.cloudflare.com; media-src 'self' *.herohero.co blob: cdn.vpplayer.tech *.vpplayer.net *.gjirafa.tech *.bunnycdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com iframe.mediadelivery.net *.bunnycdn.com; img-src 'self' *.vpplayer.tech *.vpplayer.net *.google-analytics.com *.googletagmanager.com https://pagead2.googlesyndication.com *.facebook.com facebook.com heroheroco-assets.storage.googleapis.com heroheroco-assets-prod.storage.googleapis.com *.google.cz *.google.sk *.google.com *.google.nl *.google.es *.herohero.co *.cloudimg.io *.ytimg.com blob: data:; child-src 'self' blob: *.google-analytics.com *.googletagmanager.com td.doubleclick.net *.facebook.com www.youtube-nocookie.com *.herohero.co herohero.co *.stripe.com iframe.mediadelivery.net *.bunnycdn.com
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin
Permissions-Policy
Present
geolocation=(), microphone=(), camera=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
letsencrypt.org
pki.goog; cansignhttpexchanges=yes
ssl.com
comodoca.com
digicert.com; cansignhttpexchanges=yes
Wildcard CAs
comodoca.com
digicert.com; cansignhttpexchanges=yes
letsencrypt.org
pki.goog; cansignhttpexchanges=yes
ssl.com
Recommendations
- Consider using critical flag (flags=128) for stricter CAA enforcement
- You have authorized 5 CAs - consider limiting to only the CAs you actively use
- Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts