Security Score: 89/100
Certificate Information
Subject: CN=opensea.io
Issuer: C=US, O=Google Trust Services, CN=WE1
Valid From: December 09, 2025
Valid Until: March 09, 2026 (65 days)
Public Key: ECDSA 256 bit (P-256), Adequate
Signature Algorithm: ECDSA-SHA256
SHA-256 Fingerprint: 38:3F:61:19:74:C8:39:04:45:24:86:F8:6F:9A:0D:1A:DE:33:AC:A6:4A:D3:78:42:40:D7:82:68:30:D3:EF:A8
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (Header: Status)
Strict-Transport-Security: Present (max-age=15552000; includeSubDomains; preload)
Content-Security-Policy: Basic (default-src; script-src; style-src; +11 more)
default-src 'self'; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://os2-fqbf8.quill.run https://widget.intercom.io/widget/rws4jyr5 https://js.intercomcdn.com https://static.moonpay.com https://static.seadn.io/os2/tv_library/charting_library/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.seadn.io/os2/tv_library/charting_library/; connect-src 'self' data: wss://os2-wss.prod.privatesea.io wss://api.hyperliquid.xyz https://api.hyperliquid.xyz https://gql.opensea.io https://features.opensea.io https://static.seadn.io https://i2.seadn.io https://*.mux.com *.openseaprorelayproxy.com https://api.amplitude.com https://api2.amplitude.com https://sr-client-cfg.amplitude.com https://o406206.ingest.sentry.io https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com/ https://os2-fqbf8.quill.run https://api.mainnet.abs.xyz https://arb1.arbitrum.io/rpc https://nova.arbitrum.io/rpc https://eth.merkle.io https://api.avax.network/ext/bc/C/rpc https://api.avax-test.network/ext/bc/C/rpc https://rpc.blast.io https://56.rpc.thirdweb.com https://mainnet.evm.nodes.onflow.org https://public-en-cypress.klaytn.net https://polygon-rpc.com https://rpc-amoy.polygon.technology https://mainnet.base.org https://sepolia.base.org https://sepolia.drpc.org https://rpc.zora.energy https://evm-rpc.sei-apis.com/ https://rpc.berachain.com https://api.roninchain.com/rpc https://rpc.soneium.org https://mainnet.shape.network https://mainnet.unichain.org/ https://mainnet-rpc.b3.fun/http https://cloudflare-eth.com https://mainnet.infura.io https://*.llamarpc.com https://*.g.alchemy.com https://*.quiknode.pro https://rpc.monad.xyz https://rpc.hyperliquid.xyz/evm https://thrumming-blue-uranium.solana-mainnet.quiknode.pro wss://thrumming-blue-uranium.solana-mainnet.quiknode.pro https://rpc.gunzchain.io https://api.infra.mainnet.somnia.network 
https://auth-api.infra.mainnet.somnia.network https://swr.xnftdata.com/rpc-proxy/ https://wallets.opensea.io/ https://www.walletlink.org wss://www.walletlink.org https://pulse.walletconnect.org https://api.web3modal.org wss://relay.walletconnect.org https://metamask-sdk.api.cx.metamask.io https://mm-sdk-analytics.api.cx.metamask.io wss://metamask-sdk.api.cx.metamask.io https://chain-proxy.wallet.coinbase.com https://cca-lite.coinbase.com https://*.intercom.io https://*.intercomcdn.com https://*.intercomassets.com wss://*.intercom.io https://prod-mainnet-temp-uploads.s3.us-east-1.amazonaws.com https://api.moonpay.com https://moonpay.com https://auth.privy.io https://seadn-original-media.s3.us-east-1.amazonaws.com https://vitals.vercel-insights.com; img-src 'self' blob: data: https://opensea.io https://static.opensea.io https://*.featurebase-attachments.com https://fb-usercontent.fra1.cdn.digitaloceanspaces.com https://static.seadn.io https://raw2.seadn.io https://i2.seadn.io https://i2c.seadn.io https://image.mux.com https://stream.mux.com https://*.canarytokens.org/ https://canarytokens.org/ https://*.intercomcdn.com https://*.intercomassets.com https://cdnjs.cloudflare.com/ajax/libs/twemoji/ https://cdn.prod.website-files.com https://media.veefriends.com/ https://i.ibb.co/ https://app.hyperliquid.xyz/coins/; media-src 'self' blob: data: https://raw2.seadn.io https://static.seadn.io https://i2.seadn.io https://i2c.seadn.io https://image.mux.com https://stream.mux.com; font-src 'self' https://fonts.gstatic.com https://static.seadn.io/os2/tv_library/charting_library/; object-src 'none'; base-uri 'self' https://static.seadn.io/os2/tv_library/charting_library/; form-action 'self'; frame-ancestors https://wallets.opensea.io/ https://privy.wallets.opensea.io; frame-src 'self' https://wallets.opensea.io/ https://privy.wallets.opensea.io https://auth.privy.io https://*.moonpay.com https://i2.seadn.io https://i2c.seadn.io https://static.seadn.io https: blob:; 
block-all-mixed-content; upgrade-insecure-requests;
X-Frame-Options: Excellent (DENY)
X-Content-Type-Options: Good (nosniff)
Referrer-Policy: Good (strict-origin)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports