Open
Cached
·
just now
93/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=status.comet.rocks
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
January 30, 2026
Valid Until
April 30, 2026
75 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
D5:38:4A:F6:5F:C7:CC:33:8D:7F:30:CA:BC:5E:FD:98:67:17:6A:60:DD:6A:14:BB:3A:12:B5:BE:CF:F6:0A:9E
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
base-uri; child-src; connect-src; +13 more
base-uri 'self'; child-src *.hsforms.com; connect-src 'self' *.incident.io https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk stats.g.doubleclick.net googleads.g.doubleclick.net *.segment.com *.segment.io *.linkedin.com cdn.linkedin.oribi.io *.iubenda.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbit.com wss://*.qualified.com *.qualified.com conversions-config.reddit.com www.redditstatic.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.greenhouse.io https://*.api.sanity.io wss://*.api.sanity.io https://*.vanta.com https://*.chilipiper.com vitals.vercel-insights.com website-6fbk9yjm3-incident-io-team.vercel.app; default-src 'self'; font-src 'self' https: data: fonts.gstatic.com fonts.googleapis.com; form-action 'self' *.hsforms.com; frame-ancestors 'self' https://incident.sanity.studio https://www.sanity.io; frame-src 'self' https: *.googletagmanager.com *.twitter.com *.iubenda.com app.qualified.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com https://incident.navattic.com https://capture.navattic.com; img-src 'self' blob: data: https: *.google-analytics.com *.googletagmanager.com *.google.com *.google.co.uk *.googleusercontent.com stats.g.doubleclick.net *.linkedin.com *.iubenda.com *.clearbitjs.com *.clearbit.com *.qualified.com alb.reddit.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://cdn.sanity.io https://*.chilipiper.com; manifest-src 'self'; media-src 'self' https: data: blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: api.twitter.com platform.twitter.com; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com *.iubenda.com *.hubspotusercontent00.net cdn2.hubspot.net; worker-src 'self'; report-uri https://o494704.ingest.sentry.io/api/4505307188232192/security/?sentry_key=e6127d8d2f894a18918f2018108426e9
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
fullscreen=(self "https://*.youtube.com" "https://*.vimeo.com"), autoplay=(self "https://*.youtube.com" "https://*.vimeo.com"), encrypted-media=(self "https://*.spotify.com"), clipboard-write=(self), picture-in-picture=(self "https://*.youtube.com" "https://*.vimeo.com")
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 4 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- • Consider adding 'issuewild' records to control wildcard certificate issuance