Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
UNKNOWN={:asn1_OPENTYPE, <<19, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 2, 80, 76>>}, UNKNOWN={:asn1_OPENTYPE, "\f\fmałopolskie"}, UNKNOWN={:asn1_OPENTYPE, "\f\aKraków"}, UNKNOWN=0000594747, C=PL, ST=małopolskie, L=Kraków, UNKNOWN={:asn1_OPENTYPE, <<19, 6, 51, 48, 45, 55, 50, 55>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 15, 80, 97, 110, 97, 32, 84, 97, 100, 101, 117, 115, 122, 97, 32, 50>>}, O=nazwa.pl sp. z o.o., CN=nazwa.pl
Issuer
C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Extended Validation CA SHA2
Valid From
March 13, 2025
Valid Until
March 13, 2026
121 days
Public Key
ECDSA
384 bit
(P-384)
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
29:EE:38:C7:34:36:F9:C4:CC:A1:EF:C1:A0:47:DB:E7:82:9E:8A:CD:82:C9:A9:53:C1:83:22:AA:78:4D:0C:CD
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Weak
frame-ancestors
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Significantly strengthen CSP directives
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Not Authorized
(Potential misconfiguration)
Authorized CAs
Wildcard CAs
CAA Issues
- • CRITICAL: Current certificate issuer 'C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Extended Validation CA SHA2' is NOT authorized by CAA records. Authorized CAs: sectigo.com, certum.pl
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts