91/100
SECURITY SCORE
Certificate Information
Subject
CN=redirector.optania.ai
Issuer
C=US, O=Let's Encrypt, CN=E8
Valid From
January 02, 2026
Valid Until
April 02, 2026
79 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA384
SHA-256 Fingerprint
67:6E:63:AD:93:7F:5B:46:1C:54:40:0E:08:D7:37:7B:A0:06:0F:3B:B0:5E:F3:9C:DF:A2:49:2D:BE:E8:AA:A0
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=16070400; includeSubDomains
Content-Security-Policy
Basic
default-src; base-uri; form-action; +3 more
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.psylio.com psylio-staging-documents.s3.ca-central-1.amazonaws.com epsylio-production-documents.s3.ca-central-1.amazonaws.com dfjogbk1v3oj5.cloudfront.net d3oc56gtmg6tf0.cloudfront.net www.googletagmanager.com www.facebook.com *.facebook.net *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.stripe.com snap.licdn.com px.ads.linkedin.com cdn.linkedin.oribi.io cdn-cookieyes.com directory.cookieyes.com log.cookieyes.com consentlog.cookieyes.com crm.zohopublic.com data: blob:; base-uri 'none'; form-action 'self' crm.zoho.com *.psylio.com www.facebook.com; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports