Open
Cached
·
just now
90/100
SECURITY SCORE
Certificate Information
Subject
CN=ns-vip-01.sys.kth.se
Issuer
C=GR, O=Hellenic Academic and Research Institutions CA, CN=GEANT TLS ECC 1
Valid From
August 20, 2025
Valid Until
August 20, 2026
213 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA384
SHA-256 Fingerprint
40:9E:23:60:03:21:3E:77:D8:1D:41:8A:9F:6B:33:BD:BB:7F:C9:48:CC:11:20:4A:D5:02:37:BB:14:1B:3B:1C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
Content-Security-Policy
Good
default-src; connect-src; font-src; +10 more
default-src 'none'; connect-src 'self' https://app.kth.se https://analytics.sys.kth.se; font-src 'self' data: https://analytics.sys.kth.se; frame-src https://login.ug.kth.se; img-src 'self' data: https://login.ug.kth.se https://app.kth.se https://analytics.sys.kth.se; media-src 'self' data:; script-src 'self' 'strict-dynamic' 'unsafe-inline' https: 'sha256-h/2sT1GsMN8T6cUkiL6SqdhEnInUJJUxUu3I0DxvEzM=' 'sha256-uPP0/jYP1bF7ws+9BSLOKUSCefJAVAKAWyQHFCwS1ow=' 'sha256-GJz8wEEZkPAmzdVLNndeDp+eiT2ReKMVmwcuJCcdIKk=' 'sha256-RawAKNmFnTlGgmcujbGJJ6SjpNQFwfj5TpgcOhiX9uM=' https://app.kth.se 'sha256-DYrb+SZeYKAiJeTI8xqCayymeuMmVRt+aXq8Ynt+tic=' 'sha256-JwpZ6kdsO5haL5d8W2nR+BUUZTsrojOQyclMTSKFWcg=' https://analytics.sys.kth.se 'sha256-54DKUx7Qkmh+vrYvxTKwuQykpP2Bk5qIFupZfwPfOhw=' 'sha256-mOzgqClRg1EsG4sr3oh/t7NDDfZan3dn2zqg7fqUuwA='; style-src 'self' 'unsafe-inline' 'sha256-XlJJezpbGp47+q/c7l4TfyJhhN7yyxMHIemv9u58A1k=' 'sha256-znMrUDLaHkkjLUDjEYX0eXVQDfCAw9mmpQnqFSL3epY=' 'sha256-7XSx59Bg95A9X5QOWsKDEKO5XuT/PAXcqtmz7GUPVkA=' 'sha256-jL/eOOYgnozMrF5THLfXVfemTAQDrWMpnC2H+4NDIAA=' 'sha256-zxOUcEMjWCO36SfpwF2Tlpk9aYHycnyHSYG7unso1Vk=' 'sha256-GXGKPVBqgmz+7KIoHziIsUyoHjU8dEKl9E1pUnZLHJw=' 'sha256-G1e3GasPFUwqb22BZZoi8rlReu+VYa1aafJwnMiYwqw=' https://app.kth.se 'sha256-PUAqwV974ukNOKvPhtR53qaw+kHXMRbRunbnRPn/qZw=' 'sha256-sLwRROr/mbJokfO2pgYvaHCRVypGNkp3cWkm6VDHe4M=' 'sha256-JhvecqQKT3DpqzO8Z/TSPL5m/RjHBUqSA5GrLOgkKQM=' 'sha256-B9JYPbOZiGon6F8qjY4D/t6EYpFUGegJtB/4ZG54Mkk=' 'sha256-nKMG0xoPrnGiy5m5jSXLEZ1H8l/plcS7n/VihDzEDb8=' 'sha256-9NuL/7o3CJh/VjvscXRHe5Gye7Dp243L5ZU1YhKlRzA=' 'sha256-CMPKSF6K94P9vb+HLmQkZwzY013xbE8ICjMIxlyttPI=' 'sha256-DbCt+LdbbPcXVx80h4hbApSegrnmmeMVBaf9khpzNQw=' 'sha256-PdP32wH4MC8RA1B3jG7o/ZYJvkxjsKPev244erw3lLc=' 'sha256-rqvf2+7jhLL4khGgv1k0uVutqW44F1tuci377dvwlqY=' 'sha256-l49i2cMFpHzPCVISaaLEIfqywoGTLCCOlTAt7aX3snA=' 'sha256-IndbmT3F0m2UpXMam1mKB0eTi5jiTZYEnfVHe6Bz2H4='; form-action 'self' https://login.ug.kth.se; frame-ancestors 'self'; base-uri 'none'; report-uri /api/csp-report; report-to csp-violation
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Not Authorized
(Potential misconfiguration)
Authorized CAs
CAA Issues
- • CRITICAL: Current certificate issuer 'C=GR, O=Hellenic Academic and Research Institutions CA, CN=GEANT TLS ECC 1' is NOT authorized by CAA records. Authorized CAs: sectigo.com, digicert.com, harica.gr, letsencrypt.org
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 4 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- • Consider adding 'issuewild' records to control wildcard certificate issuance