SSL Certificate Analysis for iomart.com - Security Grade & TLS Configuration

Open Cached · just now

93/100 SECURITY SCORE

Certificate Information

Subject

CN=*.iomart.com

Issuer

C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1

Valid From

October 13, 2025

Valid Until

November 10, 2026 294 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

41:F9:62:1A:85:AE:87:3F:80:E8:D0:71:61:38:F0:D7:BF:80:6E:7C:53:B0:A3:B1:4C:7E:93:06:33:B9:AB:D7

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

connect-src; default-src; font-src; +8 more

connect-src 'self' ws: *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com stats.g.doubleclick.net content.hotjar.io *.bing.com bat.bing.net munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com 106-jev-611.mktoresp.com s3.eu-west-1.amazonaws.com/marker.sessions.prod/ *.hotjar.com https://fast.wistia.com https://*.wistia.com https://*.wistia.net *.wistia.net; default-src 'self' *.google-analytics.com *.googletagmanager.com; font-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com *.wistia.net; form-action 'self' *.cookiebot.com *.google.com; frame-ancestors 'self'; frame-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com *.youtube.com https://*.wistia.com *.wistia.net; img-src 'self' data: *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com static.hotjar.com px4.ads.linkedin.com bat.bing.net *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com https://fast.wistia.com https://*.wistia.com https://*.wistia.net data: *.wistia.net; media-src 'self' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com *.google.com snap.licdn.com px.ads.linkedin.com *.wistia.com https://*.wistia.com https://*.wistia.net blob: *.wistia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com static.hotjar.com script.hotjar.com *.bing.com munchkin.marketo.net *.vimeo.com *.vimeocdn.com *.marker.io *.umbraco.com unpkg.com *.google.com snap.licdn.com *.pardot.com https://fast.wistia.com *.sentry-cdn.com *.wistia.net; style-src 'self' 'unsafe-inline' *.cookiebot.com *.iomart.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.bing.com munchkin.marketo.net *.vimeo.com *.marker.io *.umbraco.com unpkg.com *.google.com snap.licdn.com px.ads.linkedin.com; worker-src 'self' *.cookiebot.com *.google.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin

Permissions-Policy

Present

accelerometer=(self),autoplay=(self),camera=(self),clipboard-read=(self),clipboard-write=(self),cross-origin-isolated=(self),display-capture=(self),encrypted-media=(self),fullscreen=(self),gamepad=(self),geolocation=(self),gyroscope=(self),hid=(self),idle-detection=(self),interest-cohort=(self),keyboard-map=(self),magnetometer=(self),microphone=(self),midi=(self),payment=(self),picture-in-picture=(*),publickey-credentials-get=(self),screen-wake-lock=(self),serial=(self),sync-xhr=(self),usb=(self),web-share=(self),xr-spatial-tracking=(self)

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

iomart.com *.iomart.com