Security Score: 77/100
Certificate Information
Subject: CN=s2-san.cloudinary.com
Issuer: C=US, O=Let's Encrypt, CN=R12
Valid From: February 07, 2026
Valid Until: May 08, 2026 (39 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: F3:F6:E1:B3:CA:EE:95:82:85:15:94:28:A7:7C:FD:B3:81:4D:A2:48:FA:8B:3A:F8:13:EE:53:87:68:87:1F:66
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (Status)
Strict-Transport-Security: Present (max-age=604800)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured: any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names: 76 domains