Open
Cached
·
just now
87/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
C=US, ST=Massachusetts, L=Boston, O=PTC Inc, CN=*.ptc.com
Issuer
C=US, O=IdenTrust, OU=HydrantID Trusted Certificate Service, CN=HydrantID Server CA O1
Valid From
March 19, 2025
Valid Until
April 13, 2026
55 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
BE:69:E2:AB:A7:5A:50:46:6F:5E:B9:CF:C6:70:D2:18:C5:01:8E:42:E9:46:BF:29:47:DB:D3:00:9D:8F:72:8D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Significantly strengthen CSP directives
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
letsencrypt.org
pki.goog
ssl.com
sectigo.com
quovadisglobal.com
digicert.com
identrust.com
globalsign.com
pki.goog
; cansignhttpexchanges=yes
amazon.com
Recommendations
- • You have authorized 10 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts