89/100
SECURITY SCORE
Certificate Information
Subject
C=AU, ST=New South Wales, L=Bella Vista, O=Woolworths Group Limited, CN=woolworths.com.au
Issuer
C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1
Valid From
February 10, 2025
Valid Until
February 10, 2026
76 days remaining
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A0:AB:03:BB:45:6A:CF:59:C9:B6:3D:26:F2:5C:D7:A3:FE:34:92:65:BD:BF:DD:82:37:49:0B:B2:24:CC:04:18
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=600 ; includeSubDomains
Content-Security-Policy
Basic
object-src 'none'; base-uri 'self' *.milkrun.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.exponea.com *.milkrun.com static.zdassets.com *.googletagmanager.com connect.facebook.net cdn.branch.io analytics.tiktok.com app.link edge.fullstory.com maps.googleapis.com s.go-mpulse.net api.smooch.io *.google.com *.cybersource.com *.online-metrix.net *.zendesk.com *.adsrvr.org; form-action 'self'; worker-src 'self' *.exponea.com *.milkrun.com; frame-ancestors 'self' *.cybersource.com; upgrade-insecure-requests;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured: any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: add the CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding an 'iodef' record to receive security incident reports
Subject Alternative Names
71 domains