DNS Gurus

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Unknown Certificate Authority - the server's certificate is not trusted

Cached · just now
95/100 SECURITY SCORE

Certificate Information

Subject
CN=kpnthings.com
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Valid From
February 24, 2025
Valid Until
March 13, 2026 46 days
Public Key
RSA 4096 bit Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
5E:0A:DB:FB:2C:E7:2F:2C:60:07:98:99:33:A7:7C:59:EA:25:71:96:FD:4A:88:23:F1:87:98:2A:28:90:C6:E1
Alternative Names
2 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
frame-ancestors; default-src; img-src; +7 more
X-Frame-Options
Excellent
deny
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Configured (Restricts certificate issuance)
Current Issuer
Authorized (Matches CAA policy)
Authorized CAs
sectigo.com letsencrypt.org www.pkioverheid.nl digicert.com kpn.com pki.goog
Wildcard CAs
letsencrypt.org sectigo.com
Incident Reporting
Recommendations
  • Consider using critical flag (flags=128) for stricter CAA enforcement
  • You have authorized 6 CAs - consider limiting to only the CAs you actively use

Subject Alternative Names

2 domains
kpnthings.com www.kpnthings.com