SSL/TLS Analysis for pypi.org
Analyzed on November 02, 2025 at 19:11 UTC
Security Score
99
/
100
Certificate Information
Subject
CN=pypi.org
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1
Valid From
February 24, 2025
Valid Until
March 28, 2026
145 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
77:6F:2E:7B:31:91:23:3D:49:5E:1E:19:8E:FB:CB:03:04:CD:16:9A:E8:FE:C8:E1:25:E9:3E:7B:85:AF:46:3A
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Strong
base-uri; connect-src; default-src; +8 more
X-Frame-Options
Excellent
deny
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin-when-cross-origin
Permissions-Policy
Present
publickey-credentials-create=(self),publickey-credentials-get=(self),accelerometer=(),ambient-light-sensor=(),autoplay=(),battery=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),execution-while-not-rendered=(),execution-while-out-of-viewport=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),identity-credentials-get=(),idle-detection=(),local-fonts=(),magnetometer=(),microphone=(),midi=(),otp-credentials=(),payment=(),picture-in-picture=(),screen-wake-lock=(),serial=(),speaker-selection=(),storage-access=(),usb=(),web-share=(),xr-spatial-tracking=()
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Incident Reporting
mailto:[email protected]
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • Consider adding 'issuewild' records to control wildcard certificate issuance