Open
Cached
·
just now
90/100
SECURITY SCORE
Certificate Information
Subject
CN=sourceforge.net
Issuer
C=US, O=Let's Encrypt, CN=E7
Valid From
October 27, 2025
Valid Until
January 25, 2026
65 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA384
SHA-256 Fingerprint
7B:FA:22:F2:C3:A5:F2:2C:B1:CF:AF:24:E6:2E:BB:46:18:0F:FF:99:CD:18:0B:53:8E:09:B0:1C:9D:D5:70:DE
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
script-src; upgrade-insecure-requests; frame-ancestors; +4 more
script-src 'self' *.licdn.com a.fsdn.com *.google.com http://c.sf-syn.com http://b.sf-syn.com *.cloudflareinsights.com *.google-analytics.com *.tiny.cloud *.recaptcha.net recaptcha.net *.gstatic.com *.googletagservices.com *.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.consentmanager.net *.microsofttranslator.com translate.googleapis.com translate.google.cn *.gstatic.cn *.tds.bid *.adnxs.com *.bing.com *.googleadsserving.cn *.adtrafficquality.google *.doubleverify.com *.ampproject.org *.criteo.net *.creativecdn.com *.crwdcntrl.net *.uidapi.com *.im-apps.net *.euid.eu *.openxcdn.net *.id5-sync.com cdn.jsdelivr.net/gh/prebid/shared-id/ *.pubmatic.com *.33across.com *.permutive.app *.adnxs.com *.adnxs.net *.ybp.yahoo.com *.sharethrough.com *.sharethru.com pghub.io/js/pandg-sdk.js *.a47b.com *.adsafeprotected.com *.flashtalking.com *.ftstatic.com *.betrad.com *.truste.com *.trustarc.com *.slashdotmedia.com *.crsspxl.com http://*.pro-market.net ml314.com html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com css-load.com *.css-load.com 07c225f3.online *.07c225f3.online cmp.inmobi.com *.inmobicdn.net blob: as.sourceforge.net *.as.sourceforge.net j.6sc.co *.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.usemessages.com *.amazon-adsystem.com fe.sitedataprocessing.com a.usbrowserspeed.com d-code.liadm.com frontend.id-visitors.com *.identitymatrix.ai 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors 'self'; frame-src 'self' a.fsdn.com *.google.com http://c.sf-syn.com http://b.sf-syn.com *.googletagmanager.com *.doubleclick.net *.gstatic.com *.recaptcha.net recaptcha.net *.youtube.com www.youtube-nocookie.com *.consentmanager.net *.googlesyndication.com *.safeframe.usercontent.goog *.adtrafficquality.google *.googleadservices.com *.adnxs.com *.indexww.com *.rubiconproject.com *.criteo.com *.openx.net *.crsspxl.com http://*.pro-market.net *.pubmatic.com *.smartadserver.com *.lijit.com *.adnxs-simple.com error-report.com *.error-report.com html-load.com *.html-load.com *.fb.html-load.com content-loader.com *.content-loader.com *.fb.content-loader.com css-load.com *.css-load.com 07c225f3.online *.07c225f3.online as.sourceforge.net *.as.sourceforge.net app.hubspot.com *.amazon-adsystem.com; fenced-frame-src https:; object-src 'none'; form-action 'self' lists.sourceforge.net
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
geolocation=(), microphone=(), camera=(), payment=(), document-domain=(), display-capture=(), autoplay=()
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports