83/100
SECURITY SCORE
Certificate Information
Subject
CN=sonatype.com
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
September 29, 2025
Valid Until
December 29, 2025
34 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
D5:BB:95:36:CC:44:81:FA:D0:F0:4E:2B:47:8C:B4:FB:7A:A9:0E:44:79:AD:1F:3C:14:7D:E0:A3:B1:F6:5E:DB
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
script-src; connect-src; style-src; +2 more
script-src 'unsafe-eval' https://analytics.revsure.cloud/ *.sonatype.com consent.cookiebot.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js *.googletagmanager.com *.hsadspixel.net *.hs-analytics.net js.hscta.net js-eu1.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com feedback-eu1.hubapi.com 'strict-dynamic' 'nonce-dDI/sFFFIW8+M0QY39ha4Q=='; connect-src http://api.rudderstack.com/ https://analytics.revsure.cloud/ *.adsrvr.org https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://widget.kapa.ai https://*.qualified.com wss://*.qualified.com wss://ws.hotjar.com https://c.6sc.co/ *.adnxs.com *.7roundprince.com *.hotjar.io *.navattic.com *.lunio.ai *.google-analytics.com *.jscharting.com *.hsforms.com bat.bing.com bat.bing.net eps.6sc.co *.cookiebot.com https://cdn.growthbook.io https://ipv6.6sc.co/ https://stats.g.doubleclick.net https://ibc-flow.techtarget.com *.amazonaws.com https://pixel-config.reddit.com *.redditstatic.com *.6sense.com *.zoominfo.com *.google.com *.linkedin.com *.hubapi.com js.hscta.net js-eu1.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.sonatype.com *.visualwebsiteoptimizer.com; style-src https://analytics.revsure.cloud/ https://*.qualified.com https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css *.hsappstatic.net *.hubspotusercontent-na1.net *.typekit.net *.hubspot.net *.sonatype.com 'unsafe-inline'; frame-ancestors 'self' *.sonatype.com; upgrade-insecure-requests
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports