Open
Cached
·
just now
86/100
SECURITY SCORE
Certificate Information
Subject
CN=sourceforge.net
Issuer
C=US, O=Let's Encrypt, CN=E7
Valid From
October 27, 2025
Valid Until
January 25, 2026
66 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA384
SHA-256 Fingerprint
7B:FA:22:F2:C3:A5:F2:2C:B1:CF:AF:24:E6:2E:BB:46:18:0F:FF:99:CD:18:0B:53:8E:09:B0:1C:9D:D5:70:DE
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
fenced-frame-src; form-action; frame-src; +4 more
fenced-frame-src https:; form-action 'self' lists.sourceforge.net; frame-src 'self' a.fsdn.com *.google.com http://c.sf-syn.com http://b.sf-syn.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.recaptcha.net recaptcha.net *.youtube.com www.youtube-nocookie.com *.consentmanager.net *.googlesyndication.com *.safeframe.usercontent.goog *.adtrafficquality.google *.googleadservices.com *.adnxs.com *.indexww.com *.rubiconproject.com *.criteo.com *.openx.net *.crsspxl.com http://*.pro-market.net *.pubmatic.com *.smartadserver.com *.lijit.com *.adnxs-simple.com error-report.com *.error-report.com html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com css-load.com *.css-load.com 07c225f3.online *.07c225f3.online as.sourceforge.net *.as.sourceforge.net app.hubspot.com *.amazon-adsystem.com; frame-ancestors 'self'; script-src 'self' adservice.google.lv *.googleadsserving.cn adservice.google.ca *.tds.bid *.flashtalking.com *.identitymatrix.ai adservice.google.la adservice.google.cv adservice.google.az *.ftstatic.com adservice.google.co.zm adservice.google.co.th adservice.google.com.sa *.openxcdn.net adservice.google.mn adservice.google.com.jm adservice.google.com.kh adservice.google.tt http://*.pro-market.net adservice.google.ga adservice.google.no adservice.google.com.ai adservice.google.co.za *.uidapi.com *.slashdotmedia.com adservice.google.com.bo *.hs-scripts.com adservice.google.ee adservice.google.so adservice.google.tg *.bing.com adservice.google.is adservice.google.co.bw adservice.google.co.tz adservice.google.com.pr adservice.google.lk adservice.google.as adservice.google.co.jp adservice.google.it adservice.google.com.pe adservice.google.bf adservice.google.pl content-loader.com adservice.google.al adservice.google.ch adservice.google.com.sv adservice.google.vg *.adsafeprotected.com adservice.google.com.ly recaptcha.net *.googlesyndication.com adservice.google.tl adservice.google.gr adservice.google.ws adservice.google.je adservice.google.gy *.sharethrough.com js.hs-analytics.net adservice.google.es adservice.google.com.py adservice.google.com.tw adservice.google.com.cy adservice.google.mu *.crwdcntrl.net adservice.google.me *.sharethru.com adservice.google.hn adservice.google.cl j.6sc.co adservice.google.to d-code.liadm.com *.a47b.com adservice.google.hu *.content-loader.com adservice.google.com.et *.css-load.com *.truste.com *.googletagservices.com adservice.google.co.nz adservice.google.co.ls *.recaptcha.net adservice.google.com.bd a.fsdn.com adservice.google.com.my adservice.google.bi blob: adservice.google.co.cr adservice.google.fr adservice.google.com.na adservice.google.ae adservice.google.com.au adservice.google.com.bh adservice.google.tn adservice.google.ci adservice.google.com.ag adservice.google.com.kw translate.googleapis.com *.betrad.com adservice.google.com.tr adservice.google.iq adservice.google.co.mz adservice.google.com.tj adservice.google.mg adservice.google.rs adservice.google.at adservice.google.com.ng *.google-analytics.com *.fb.html-load.com *.adnxs.net adservice.google.nu adservice.google.co.ug adservice.google.com.ar adservice.google.bj adservice.google.kz adservice.google.co.il adservice.google.gl adservice.google.rw adservice.google.ml adservice.google.com.vc adservice.google.fm *.33across.com adservice.google.dk adservice.google.im adservice.google.li adservice.google.com.qa adservice.google.co.in css-load.com fe.sitedataprocessing.com *.licdn.com adservice.google.ie adservice.google.ht html-load.com adservice.google.md *.doubleverify.com adservice.google.co.ck adservice.google.cz js.usemessages.com *.07c225f3.online *.as.sourceforge.net adservice.google.com.fj adservice.google.co.ao adservice.google.co.kr *.microsofttranslator.com adservice.google.lu adservice.google.mw *.html-load.com translate.google.cn adservice.google.kg adservice.google.com.np adservice.google.com.lb *.doubleclick.net adservice.google.com.br adservice.google.co.zw adservice.google.ad adservice.google.co.ke adservice.google.ms *.googletagmanager.com adservice.google.com.vn adservice.google.ki adservice.google.mk adservice.google.cd *.adnxs.com adservice.google.fi adservice.google.cm cdn.jsdelivr.net/gh/prebid/shared-id/ adservice.google.ne adservice.google.com.mt *.pubmatic.com a.usbrowserspeed.com adservice.google.co.id adservice.google.vu *.euid.eu adservice.google.dz *.tiny.cloud *.google.com adservice.google.com.uy adservice.google.ge adservice.google.sc adservice.google.com.bz adservice.google.st adservice.google.com.pg adservice.google.com.sg adservice.google.hr adservice.google.com.ua *.consentmanager.net adservice.google.sk adservice.google.com.ec adservice.google.com.co adservice.google.com.gt adservice.google.ru *.trustarc.com adservice.google.com.ph adservice.google.nl http://c.sf-syn.com adservice.google.dm adservice.google.co.uk adservice.google.dj adservice.google.com.sb adservice.google.co.uz 07c225f3.online adservice.google.td adservice.google.com.om adservice.google.bg adservice.google.de *.ampproject.org adservice.google.co.ve *.gstatic.com adservice.google.bt js.hscollectedforms.net adservice.google.com.mx adservice.google.com.pk frontend.id-visitors.com adservice.google.gm *.inmobicdn.net cmp.inmobi.com *.adtrafficquality.google *.id5-sync.com adservice.google.se adservice.google.com.ni adservice.google.cf adservice.google.ro adservice.google.nr adservice.google.co.vi *.cloudflareinsights.com adservice.google.com.af adservice.google.lt adservice.google.com.bn http://b.sf-syn.com adservice.google.gt adservice.google.com.hk adservice.google.tm adservice.google.com.gi adservice.google.sm *.creativecdn.com adservice.google.mv *.amazon-adsystem.com adservice.google.com.eg adservice.google.ps adservice.google.pt *.ybp.yahoo.com adservice.google.jo as.sourceforge.net ml314.com *.fb.content-loader.com adservice.google.be adservice.google.sr *.gstatic.cn adservice.google.si pghub.io/js/pandg-sdk.js adservice.google.cg *.im-apps.net adservice.google.gg adservice.google.sn *.permutive.app *.crsspxl.com js.hs-banner.com adservice.google.com.mm *.criteo.net adservice.google.com.cu js.hsadspixel.net adservice.google.com.pa adservice.google.com.gh adservice.google.bs 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
geolocation=(), microphone=(), camera=(), payment=(), document-domain=(), display-capture=(), autoplay=()
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports