91/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=California, L=San Jose, O=Nutanix, Inc., CN=*.nutanix.com
Issuer
C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
Valid From
March 11, 2025
Valid Until
March 25, 2026
65 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
75:12:D1:1E:CD:2B:00:86:3C:C9:43:16:A1:ED:C1:02:78:77:89:0A:6E:C2:95:22:74:3A:42:EA:E7:2D:EF:C7
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000 ; includeSubDomains
Content-Security-Policy
Basic
Upgrade-Insecure-Requests; object-src 'none'; frame-ancestors 'self' https://next2025.nutanix.com https://*.adobeaemcloud.com https://*.nutanix.com https://*.nutanix.cn https://*.ziftsolutions.com https://*.site.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.1mind.com https://*.quora.com https://*.soundcloud.com https://*.bizible.com https://*.pister.dev https://*.fontawesome.com https://*.youtube.com https://*.audiodub.app https://*.2o7.net https://*.6sc.co https://*.addtoany.com https://*.adobe.com https://*.adobedtm.com https://*.bing.com https://*.baidu.com https://*.brightcove.com https://*.brightcove.net https://*.bttrack.com https://*.cheqzone.com https://*.clarity.ms https://*.clearbit.com https://*.cloudflare.com https://*.cookielaw.org https://*.d41.co https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.engagio.com https://*.everestjs.net https://*.facebook.net https://*.fullstory.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.hotjar.com https://*.hushly.com https://*.intercom.io https://*.intercomcdn.com https://*.licdn.com https://*.listenloop.com https://*.marketo.com https://*.marketo.net https://*.ml314.com https://*.adobeaemcloud.com https://*.adobeaemcloud.com.seg.js https://*.nutanix.cn https://*.nutanix.com https://*.nutanix.com.seg.js https://*.outbrain.com https://*.peerspot.com https://*.recaptcha.net https://*.redditstatic.com https://*.sndcdn.com https://*.twitter.com https://*.zemanta.com https://*.zencdn.net https://bttrack.com https://ml314.com https://*.jquery.com https://unpkg.com https://*.ziftsolutions.com https://ziftsolutions.com https://*.taboola.com; connect-src 'self' https: data: blob:; img-src 'self' https: data: blob:; worker-src 'self' blob:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Incident Reporting
mailto:[email protected]
Recommendations
- Consider using critical flag (flags=128) for stricter CAA enforcement
- You have authorized 5 CAs - consider limiting to only the CAs you actively use
- Consider adding 'issuewild' records to control wildcard certificate issuance