Open
Cached
·
just now
97/100
SECURITY SCORE
Certificate Information
Subject
UNKNOWN={:asn1_OPENTYPE, <<19, 2, 70, 82>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 14, 195, 142, 108, 101, 45, 100, 101, 45, 70, 114, 97, 110, 99, 101>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 5, 80, 97, 114, 105, 115>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN=399 140 961, C=FR, L=Angers, O=Nameshield SAS, CN=secure.nameshield.net
Issuer
C=US, O=DigiCert Inc, CN=DigiCert EV RSA CA G2
Valid From
August 17, 2025
Valid Until
September 17, 2026
265 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA512-RSA
SHA-256 Fingerprint
B0:39:B4:CE:28:DF:6C:87:45:39:E4:83:93:B6:2C:CD:BA:24:3F:BC:C9:0A:CD:CD:C2:83:8C:EE:DC:8F:99:58
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Strong
default-src; connect-src; font-src; +6 more
default-src 'none'; connect-src data: wss://secure.nameshield.net https://secure.nameshield.net https://idp.nameshield.net; font-src https://idp.nameshield.net; frame-src 'none'; object-src 'none'; img-src data: blob: https://idp.nameshield.net; script-src https://idp.nameshield.net 'nonce-LNYF0fW+b0wdFgqA/q3T0NVw'; style-src https://idp.nameshield.net 'nonce-LNYF0fW+b0wdFgqA/q3T0NVw'; report-uri https://reports.nameshield.net/
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), oversized-images=(), payment=(), picture-in-picture=(), publickey-credentials=(), sync-xhr=(*), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports