Security Score: 86/100
Certificate Information
Subject: CN=my.apnic.net
Issuer: C=US, O=Let's Encrypt, CN=R12
Valid From: November 06, 2025
Valid Until: February 04, 2026 (78 days)
Public Key: RSA 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: F4:8D:77:4C:B0:69:AA:43:59:91:8E:73:9A:E0:2A:2E:96:D8:A5:C9:95:41:E8:9F:89:0A:F3:A1:40:F4:7C:F6
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Header: Status (value)
Strict-Transport-Security: Present (max-age=63072000;)
Content-Security-Policy: Basic (base-uri; block-all-mixed-content; object-src; +8 more)
base-uri https://my.apnic.net; block-all-mixed-content; object-src 'none'; default-src 'self' https://wp.my.apnic.net/wp; connect-src 'self' https://*.apnic.net https://*.apnic.int https://wp.my.apnic.net/wp https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://sentry.io https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://apnic--stagingenv.sandbox.my.salesforce.com https://apnic--stagingenv.sandbox.my.site.com https://apnic.my.salesforce.com https://apnic.my.site.com https://service.force.com; font-src 'self' https://wp.my.apnic.net/wp data: https://*.apnic.net https://*.apnic.int https://fonts.gstatic.com https://script.hotjar.com; script-src 'self' https://wp.my.apnic.net/wp https://*.apnic.net https://*.apnic.int 'unsafe-eval' https://browser.sentry-cdn.com 'unsafe-inline' https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://www.google.ae https://www.google.be https://www.google.com.lb https://www.google.com.my https://www.google.com.pa https://www.google.dk https://www.google.iq https://www.google.nl https://www.google.no https://www.google.ro https://www.googletagmanager.com https://apnic--stagingenv.sandbox.my.salesforce.com https://apnic--stagingenv.sandbox.my.site.com https://apnic.my.salesforce.com https://apnic.my.site.com https://service.force.com https://static.lightning.force.com https://b.static.lightning.force.com https://*.salesforceliveagent.com; img-src 'self' https://wp.my.apnic.net/wp https://*.apnic.net data: https://*.gravatar.com https://script.hotjar.com https://static.hotjar.com https://stats.g.doubleclick.net https://translate.google.com https://www.google-analytics.com https://www.google.as https://www.google.az https://www.google.be https://www.google.bg https://www.google.bg https://www.google.bi https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.co.ck 
https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.nz https://www.google.co.th https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.za https://www.google.com https://www.google.com.af https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bn https://www.google.com.br https://www.google.com.co https://www.google.com.eg https://www.google.com.fj https://www.google.com.hk https://www.google.com.kh https://www.google.com.mm https://www.google.com.mx https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.tr https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fm https://www.google.fr https://www.google.ie https://www.google.im https://www.google.it https://www.google.ki https://www.google.la https://www.google.lk https://www.google.lt https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.td https://www.google.tl https://www.google.tw https://www.google.vu https://www.google.ws https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' https://wp.my.apnic.net/wp https://*.apnic.net https://*.apnic.int https://translate.googleapis.com https://script.hotjar.com https://static.hotjar.com 'unsafe-inline' https://apnic--stagingenv.sandbox.my.salesforce.com https://apnic--stagingenv.sandbox.my.site.com 
https://apnic.my.salesforce.com https://apnic.my.site.com https://service.force.com; frame-src 'self' https://*.apnic.net https://*.apnic.int https://apnic--stagingenv.sandbox.my.salesforce.com https://apnic--stagingenv.sandbox.my.site.com https://apnic.my.salesforce.com https://apnic.my.site.com https://vars.hotjar.com https://service.force.com https://td.doubleclick.net; frame-ancestors 'self' https://*.apnic.net https://*.apnic.int
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Present (no-referrer, same-origin, strict-origin-when-cross-origin)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Configured (Restricts certificate issuance)
Current Issuer: Authorized (Matches CAA policy)
Authorized CAs
Recommendations
- Consider using critical flag (flags=128) for stricter CAA enforcement
- Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- Consider adding 'issuewild' records to control wildcard certificate issuance