SSL Certificate Analysis for ntucfirstcampus.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=ntucfirstcampus.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

December 21, 2025

Valid Until

March 21, 2026 61 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

32:4B:B6:F2:FC:6D:C9:BE:1D:F9:F3:08:98:5C:9D:61:B2:0F:E5:A8:EE:77:02:4E:E8:7B:72:1E:83:7C:F4:0E

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; img-src; +7 more

default-src 'self' blob: https://youtube.com/ https://*.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://cdn.jsdelivr.net/ https://qvdt3feo.com/events.js https://scripts.clarity.ms/ https://*.vimeo.com/ https://*.nitrocdn.com/ https://tags.srv.stackadapt.com/ https://nitroscripts.com/ https://cdn-iladflb.nitrocdn.com/ https://analytics.tiktok.com/ https://cdnjs.cloudflare.com/ https://fast.wistia.com/ https://www.google.com/ https://script.hotjar.com/ https://www.googleadservices.com/ https://www.clarity.ms/ https://static.hotjar.com/ https://beacon-v2.helpscout.net/ https://cdn.jsdelivr.net/ https://js.hsforms.net/ https://www.eventbrite.com/ https://connect.facebook.net/signals/ https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ https://snap.licdn.com/ https://www.google-analytics.com https://youtube.com/ https://*.youtube.com https://*.google.com https://*.gstatic.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/en_US/fbevents.js https://pi.pardot.com/pd.js https://cdn.linkedin.oribi.io/2926194/oribili.js pi.pardot.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion https://googleads.g.doubleclick.net/; img-src * 'self' data: https://www.google-analytics.com https://*.googleapis.com https://maps.gstatic.com https://googleads.g.doubleclick.net/ https://*.google.com/; connect-src 'self' https://cdn.jsdelivr.net/ https://www.facebook.com/privacy_sandbox/* blob: https://www.googletagmanager.com/ https://*.vimeo.com/ https://vimeo.com/ https://www.onemap.gov.sg/ https://*.nitrocdn.com/ https://adservice.google.com/ https://tags.srv.stackadapt.com/ https://to.getnitropack.com/ https://www.google.com/ https://cdn-iladflb.nitrocdn.com/ https://analytics.tiktok.com/ https://px.ads.linkedin.com https://pipedream.wistia.com/ https://distillery.wistia.com/ https://fast.wistia.com/ https://beaconapi.helpscout.net/ https://ka-f.fontawesome.com/ https://google.com/ https://*.cloudfront.net/ https://yoast.com/ https://forms.hsforms.com/ https://px.ads.linkedin.com/wa/ https://pagead2.googlesyndication.com/ https://*.clarity.ms/collect https://n.clarity.ms/collect https://j.clarity.ms/collect https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io/partner/4342932/domain/ntucfirstcampus.com/token https://www.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://stats.g.doubleclick.net/ https://www.facebook.com/tr/ *.oribi.io/event https://cdn.linkedin.oribi.io/partner; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://*.nitrocdn.com/ https://tags.srv.stackadapt.com/ https://*.ntucfirstcampus.com/ https://cdn-iladflb.nitrocdn.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/ https://*.googleapis.com; font-src 'self' https://*.nitrocdn.com/ https://*.ntucfirstcampus.com/ https://cdn-iladflb.nitrocdn.com/ https://fast.wistia.com/ https://maxcdn.bootstrapcdn.com data: https://cdn.rawgit.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/ https://fonts.gstatic.com; frame-src 'self' data: https://www.googletagmanager.com/ https://*.spotify.com/ https://*.nitrocdn.com/ https://forms.hsforms.com/ https://www.eventbrite.com/ https://player.vimeo.com/ https://smartslider3.com/ https://td.doubleclick.net/ https://www.facebook.com/ https://www.youtube-nocookie.com/ https://youtube.com/ https://*.youtube.com https://*.google.com https://8878558.fls.doubleclick.net; media-src 'self' https://www.youtube.com/ https://*.youtube.com https://*.cdninstagram.com https://*.fbcdn.net; object-src 'self' https://*.nitrocdn.com/;frame-ancestors 'self' https://*.google.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

ntucfirstcampus.com