SSL Certificate Analysis for resideo.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

DigiCert

Certificate Information

Subject

C=US, ST=Arizona, L=Scottsdale, O=Resideo Technologies, Inc, CN=www.resideo.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1

Valid From

January 16, 2026

Valid Until

January 15, 2027 253 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

13:12:7B:46:0E:C4:CD:9F:78:12:E3:5A:DC:43:78:7C:88:11:8F:9E:BA:34:08:BF:3D:6F:7A:5A:86:34:05:AB

Alternative Names

105 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains;

Content-Security-Policy

Weak

frame-ancestors Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Present

ALLOW-FROM https://resideo.ziftone.com/,https://proportal.resideo.com/,https://pro.resideo.com/,https://resideostaging.staging.ziftone.com/,https://resideo.netdimensions.com/,https://deploy-preview-437--resideo-pro.netlify.com/,https://fxm/,https://resideo-pro-perks.my-rewardsonline/

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

amazon.com amazontrust.com comodoca.com digicert.com ; cansignhttpexchanges=yes identrust.com letsencrypt.org pki.goog ; cansignhttpexchanges=yes ssl.com

Wildcard CAs

pki.goog ; cansignhttpexchanges=yes ssl.com comodoca.com digicert.com ; cansignhttpexchanges=yes letsencrypt.org

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• You have authorized 8 CAs - consider limiting to only the CAs you actively use
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

105 domains

Other domains in certificate

adiglobal.com authoring.adiglobal.com cu.region.adiglobal.com cu.region.staging.adiglobal.com eu2.region.rde.adiglobal.com eu2.region.staging.adiglobal.com preview.adiglobal.com staging.adiglobal.com www.adiglobal.com

authoring.brkelectronics.com brkelectronics.com cu.region.brkelectronics.com cu.region.staging.brkelectronics.com eu2.region.brkelectronics.com eu2.region.staging.brkelectronics.com preview.brkelectronics.com staging.brkelectronics.com www.brkelectronics.com

authoring.connectedsavings.com connectedsavings.com cu.region.connectedsavings.com cu.region.staging.connectedsavings.com eu2.region.connectedsavings.com eu2.region.staging.connectedsavings.com preview.connectedsavings.com staging.connectedsavings.com www.connectedsavings.com

authoring.firstalert.com cu.region.firstalert.com cu.region.staging.firstalert.com eu2.region.firstalert.com eu2.region.staging.firstalert.com firstalert.com preview.firstalert.com qa.firstalert.com staging.firstalert.com www.firstalert.com

authoring.honeywellhome.com cdn.honeywellhome.com cu.region.honeywellhome.com cu.region.staging.honeywellhome.com eu2.region.honeywellhome.com eu2.region.staging.honeywellhome.com honeywellhome.com preview.honeywellhome.com staging.honeywellhome.com www.honeywellhome.com