83/100
SECURITY SCORE
Certificate Information
Subject
CN=hsnstore.com
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
January 23, 2026
Valid Until
April 23, 2026
81 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
F5:F8:5F:E8:3C:10:C5:F5:17:85:81:79:67:32:BD:2B:F4:58:C2:78:CA:1A:8F:3F:1C:FE:08:2E:C2:38:38:F8
Alternative Names
Security Configuration
TLS Protocols
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
Warnings
- TLS 1.1 is deprecated and should be disabled
- TLS 1.0 is deprecated and should be disabled
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src; form-action; img-src; +7 more
default-src 'self' www.hsnstore.com www.hsnstore.com hsnstore.com *.redsys.es; form-action *.redsys.es *.amazon.es *.amazon.de bancsabadell.com unicaja.es openwaylet-pre.wayletlabs.com open.waylet.es www.paypal.com bitpay.com live.sequrapi.com www.facebook.com facebook.com connect.facebook.net secure.paytpv.com api.paycomet.com *.smart2pay.com *.giropay.de *.sofort.com www.hsnstore.com acs.revolut.com; img-src * data:; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.hsnstore.com *.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com static.sooqr.com static.aws-prod.sooqr.com *.redsys.es translate.googleapis.com tagmanager.google.com fonts.googleapis.com *.googletagmanager.com netdna.bootstrapcdn.com; script-src cdn.hsnstore.com 'unsafe-eval' 'self' 'unsafe-inline' blob *.queue-it.net *.cdn-apple.com *.payments-amazon.com www.hsnstore.com *.spotlersearch.com spotlersearchanalytics.com dynamic.sooqr.com dynamic.aws-prod.sooqr.com apis.google.com www.googletagmanager.com www.google.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.salesmanago.pl www.salesmanago.es static.sooqr.com static.aws-prod.sooqr.com sealserver.trustwave.com www.youtube.com www.youtube-nocookie.com s.ytimg.com maps.googleapis.com tpc.googlesyndication.com live.sequrapi.com tagmanager.google.com images.dmca.com static.criteo.net sslwidget.criteo.com widget.eu.criteo.com secure.paytpv.com api.paycomet.com js-agent.newrelic.com bam.eu01.nr-data.net *.gstatic.com seal.securetrust.com tracker.metricool.com sandbox.sequracdn.com sandbox.sequrapi.com live.sequracdn.com analytics.tiktok.com www.instagram.com tags.creativecdn.com accounts.google.com pay.google.com; font-src data: 'self' maxcdn.bootstrapcdn.com cdn.hsnstore.com www.hsnstore.com *.cdn-apple.com www.hsnstore.com fonts.gstatic.com netdna.bootstrapcdn.com; connect-src *.redsys.es *.redsys.es:25443 *.google-analytics.com *.queue-it.net *.googlesyndication.com *.saleago.com *.criteo.com *.facebook.com *.facebook.net maps.googleapis.com firehose.eu-central-1.amazonaws.com *.amazon.com www.google-analytics.com www.google.com *.salesmanago.pl www.salesmanago.es www.hsnstore.com www.hsnstore.com www.facebook.com *.g.doubleclick.net graph.facebook.com api.paycomet.com cognito-identity.eu-central-1.amazonaws.com bam.eu01.nr-data.net *.analytics.google.com identitytoolkit.googleapis.com securetoken.googleapis.com www.google.es sandbox.sequracdn.com live.sequracdn.com analytics.tiktok.com ams.creativecdn.com pay.google.com google.com; frame-src www.hsn-online.com hsnonline.com www.salesmanago.pl *.criteo.com td.doubleclick.net www.hsnstore.com www.hsnstore.pt www.hsnstore.it www.hsnstore.eu www.hsnstore.fr www.hsnstore.de tpc.googlesyndication.com www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com connect.facebook.net www.googletagmanager.com *.g.doubleclick.net www.hsnstore.com live.sequrapi.com translate.googleapis.com accounts.google.com staticxx.facebook.com graph.facebook.com api.paycomet.com gum.criteo.com static.criteo.net sandbox.sequrapi.com sandbox.sequracdn.com live.sequracdn.com www.instagram.com ams.creativecdn.com pay.google.com *.redsys.es; object-src *.hsnstore.com; report-uri https://www.hsnstore.com/reportcsp/;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports