Open
Cached
·
just now
79/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=North Carolina, O=Lowes Companies Inc, CN=wwwdtq1.lowes.com
Issuer
C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV E36
Valid From
February 02, 2026
Valid Until
March 05, 2027
395 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
78:2E:1C:B4:98:2B:73:0F:9A:69:58:A8:1A:8C:3F:93:93:63:34:7E:D0:49:7C:E8:5D:F5:70:40:C5:B7:6D:AD
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Weak
frame-ancestors; upgrade-insecure-requests
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Significantly strengthen CSP directives
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
69 domains
admin.lowes.com
adminlwssit4.lowes.com
ads.lowes.com
apis-b2b-dev.lowes.com
apis-b2b-sbx.lowes.com
apis-b2b-stage.lowes.com
apis-dev.lowes.com
apis-stage.lowes.com
designer-stage.lowes.com
dev-blinds.lowes.com
dev-vendorgateway.lowes.com
dev1lda.lowes.com
dev1ldaauth.lowes.com
dev1ldaweb.lowes.com
devmobileimages.lowes.com
feedback-dev.lowes.com
feedback-stage.lowes.com
feedback.lowes.com
glass-npe.lowes.com
glass.lowes.com
kitchendesign2-qa.lowes.com
legal-stage.lowes.com
lwscomsit3.lowes.com
lwscomsit4.lowes.com
mcp-dev.lowes.com
mcp-stage.lowes.com
mft-as2-b2b-dev.lowes.com
mft-as2-b2b-prd.lowes.com
mft-as2-b2b-stage.lowes.com
mft-http-b2b-dev.lowes.com
mft-http-b2b-prd.lowes.com
mft-http-b2b-stage.lowes.com
mft-rhttp-b2b-dev.lowes.com
mft-rhttp-b2b-stage.lowes.com
mobile-pricelens.lowes.com
myhr.lowes.com
perf.lowes.com
piefesdev.lowes.com
piefesperf.lowes.com
ppads.lowes.com
replayhub-stage.lowes.com
sg-dev.lowes.com
sg-stage.lowes.com
stage-blinds.lowes.com
stage-vendorgateway.lowes.com
wwwdtq1.lowes.com
mrv-contact-center.dev.lowes.com
dev.lowescdn.com
devmobileimages.lowescdn.com
lwscomsit3.lowesforpros.com
lowesgov.com
perf.lowesgov.com
www.lowesgov.com
stage.loweshq.com
dev.advertising.lowesmedianetwork.com
npe.lowesmedianetwork.com
stage.advertising.lowesmedianetwork.com
lowesmeridius.com
www.lowesmeridius.com
npe.lowesoneroofmedianetwork.com
lowespbm.com
perf.lowespbm.com
www.lowespbm.com
lowesquotes.com
perf.lowesquotes.com
www.lowesquotes.com
qawww.myloweslife.com
dev.onerooflowesmedia.com
stage.onerooflowesmedia.com
Other domains in certificate