Open
Cached
·
just now
91/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=Illinois, O=Abbott Laboratories, CN=payer.freestyle.abbott
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Organization Validation Secure Server CA
Valid From
May 07, 2025
Valid Until
May 07, 2026
127 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
62:77:66:FB:D8:3F:4A:4D:5D:53:6C:E3:BD:84:7A:AF:9A:1C:A3:5F:9D:F6:EF:FF:86:11:F2:8F:E0:F1:79:7B
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31557600
Content-Security-Policy
Basic
default-src; script-src; script-src-elem; +8 more
default-src 'self' https: ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob: ; form-action 'self' https: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; connect-src 'self' blob: https: wss://collection.decibelinsight.net/ ; media-src 'self' blob: https: ; font-src 'self' data: https: ; frame-src 'self' tel: https: ;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
microphone=(),camera=(self)
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
32 domains
fsl2.freestyle.abbott
fsl3.freestyle.abbott
mfs.freestyle.abbott
payer.freestyle.abbott
pro.freestyle.abbott
provider.freestyle.abbott
sample.freestyle.abbott
startmyfreestyle.freestyle.abbott
www.freestyle.abbott
www.provider.freestyle.abbott
www.sample.freestyle.abbott
jp.abbott-diabetescare.com
lingo.abbott.com
www.diabetescare.abbott
conseguiloaqui.freestylelibre.com
www.freestylelibre.com.ar
www.freestylelibre.de
trycgmsamples-provider.freestylelibre.us
www.freestylelibrepro.com
www.freestylelibreproiq.com
www.freestyleprovider.abbott
keto.hellolingo.com
www.hellolingo.com
www.librerio.com
libresense.abbott
www.libresense.abbott
www.medicalaffairs.abbott
provider.myfreestyle.com
support.myfreestyle.com
www.myfreestyle.com
www.provider.myfreestyle.com
www.startmyfreestyle.com
Other domains in certificate