Open
Cached
·
just now
97/100
SECURITY SCORE
Certificate Information
Subject
UNKNOWN={:asn1_OPENTYPE, <<19, 2, 70, 82>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 14, 195, 142, 108, 101, 45, 100, 101, 45, 70, 114, 97, 110, 99, 101>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 5, 80, 97, 114, 105, 115>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN=399 140 961, C=FR, L=Angers, O=Nameshield SAS, CN=www.nameshield.com
Issuer
C=US, O=DigiCert Inc, CN=Thawte EV RSA CA G2
Valid From
August 29, 2025
Valid Until
September 29, 2026
279 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA512-RSA
SHA-256 Fingerprint
3B:98:02:09:76:78:E3:AB:84:47:19:1D:1D:49:BE:77:74:81:D9:8B:77:A9:F0:5D:CF:29:AA:7F:F3:0F:FC:E5
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; report-uri
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
microphone=(), accelerometer=(), battery=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), payment=(), usb=(), vr=(), wake-lock=()
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- • Consider adding 'issuewild' records to control wildcard certificate issuance