Open
Cached
·
just now
89/100
SECURITY SCORE
Certificate Information
Subject
CN=intersight.com
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M03
Valid From
April 01, 2025
Valid Until
April 30, 2026
158 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
DC:03:F7:76:3D:CF:1D:12:F2:24:6F:77:E1:9B:FC:C4:6A:D7:F1:12:A6:FB:20:3A:A3:7F:AA:BC:C4:36:2E:7F
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
base-uri; worker-src; child-src; +11 more
base-uri 'self' https://cdn.intersight.com/; worker-src 'self' https://intersight.com/ https://cdn.intersight.com/ blob: https://us-east-1.intersight.com/; child-src 'self' https://intersight.com/ https://cdn.intersight.com/ https://cloudsso.cisco.com https://www.cisco.com/ https://id.cisco.com; default-src 'self' https://cdn.intersight.com/; font-src 'self' data: https://cdn.intersight.com/; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://cdn.intersight.com/; object-src 'none'; img-src 'self' data: https://cdn.intersight.com/; form-action 'self' https://intersight.com/ https://cloudsso.cisco.com https://www.cisco.com/ https://id.cisco.com; script-src 'self' https://cdn.intersight.com/; sandbox allow-modals allow-scripts allow-same-origin allow-popups allow-forms allow-downloads; connect-src 'self' https://cdn.intersight.com/ https://status.intersight.com/ https://cdn.whatfix.com/ https://status.emea.intersight.com https://download.intersight.com/ wss://socket.intersight.com wss://intersight.com wss://*.intersight.com data: https://us-east-1.intersight.com/; frame-src 'self' data: blob: https://intersight.com/ https://cdn.intersight.com/ https://cloudsso.cisco.com https://www.cisco.com/ https://id.cisco.com https://cdn.whatfix.com/ https://www.youtube.com/;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
13 domains
intersight.com
*.intersight.com
*.eu-central-1.intersight.com
*.us-east-1.intersight.com
eu-central-1.networking.cisco.com
eu-central-1.sustainability.networking.cisco.com
eu-central-1.workflows.networking.cisco.com
networking.cisco.com
sustainability.networking.cisco.com
us-east-1.networking.cisco.com
us-east-1.sustainability.networking.cisco.com
us-east-1.workflows.networking.cisco.com
workflows.networking.cisco.com
Other domains in certificate