DNS Gurus
Open Cached · 2m ago
76/100 SECURITY SCORE

Certificate Information

Subject
C=US, ST=California, O=Proofpoint, Inc., CN=cts-pp.proofpoint.com
Issuer
C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
Valid From
July 02, 2025
Valid Until
July 02, 2026 238 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
93:BD:D2:EA:C7:65:8C:0D:21:AF:81:DB:49:A1:BF:AF:09:27:BC:6E:3F:02:60:2A:97:78:30:C9:13:B8:11:05
Alternative Names
71 domains

Security Configuration

TLS Protocols
TLS 1.0 TLS 1.1 TLS 1.2
Forward Secrecy
Limited (Check cipher configuration)
Warnings
  • TLS 1.3 is not supported (recommended)
  • TLS 1.1 is deprecated and should be disabled
  • TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Weak
upgrade-insecure-requests
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Significantly strengthen CSP directives
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

71 domains
api-cts-at1.proofpoint.com api-cts-fc1.proofpoint.com api-cts-fc2.proofpoint.com api-cts-fc3.proofpoint.com api-cts-sc4.proofpoint.com api-cts.proofpoint.com api-cts2.proofpoint.com api-cts3.proofpoint.com cts-at1.proofpoint.com cts-fc1.proofpoint.com cts-fc2.proofpoint.com cts-fc3.proofpoint.com cts-itm-onprem-lic-at1.proofpoint.com cts-itm-onprem-lic-sc4.proofpoint.com cts-pp-at1.proofpoint.com cts-pp-sc4.proofpoint.com cts-pp.proofpoint.com cts-pp2.proofpoint.com cts-sc4.proofpoint.com cts-staging1-at1.proofpoint.com cts-staging1-sc4.proofpoint.com cts-staging1.proofpoint.com cts-staging2-at1.proofpoint.com cts-staging2-sc4.proofpoint.com cts-staging2.proofpoint.com cts-staging3-at1.proofpoint.com cts-staging3-sc4.proofpoint.com cts-staging3.proofpoint.com cts.proofpoint.com cts1-at1.proofpoint.com cts1-sc4.proofpoint.com cts1.proofpoint.com cts2-at1.proofpoint.com cts2-sc4.proofpoint.com cts2.proofpoint.com cts3-api.proofpoint.com cts3-at1.proofpoint.com cts3-download-at1.proofpoint.com cts3-download.proofpoint.com cts3-fsecure-at1.proofpoint.com cts3-fsecure.proofpoint.com cts3-help.proofpoint.com cts3-sc4.proofpoint.com cts3-support-at1.proofpoint.com cts3-support.proofpoint.com cts3-try.proofpoint.com cts3-updates.proofpoint.com cts3.proofpoint.com cts4.proofpoint.com cts5.proofpoint.com cts6.proofpoint.com dl1-at1.proofpoint.com dl1-sc4.proofpoint.com dl1.proofpoint.com dl2.proofpoint.com f-secure-at1.proofpoint.com f-secure-sc4.proofpoint.com f-secure.proofpoint.com fsecure.proofpoint.com kb.proofpoint.com support-at1.proofpoint.com support-cts.proofpoint.com support-sc4.proofpoint.com support.proofpoint.com support1.proofpoint.com support2.proofpoint.com updates-cts-at1.proofpoint.com updates-cts-sc4.proofpoint.com updates-cts.proofpoint.com

Other domains in certificate

secureobjects-at1.ppops.net secureobjects-sc4.ppops.net