91/100
SECURITY SCORE
Certificate Information
Subject
UNKNOWN=US, UNKNOWN=Delaware, UNKNOWN=Private Organization, UNKNOWN=4675506, C=US, ST=California, L=South San Francisco, O=Stripe, Inc, CN=a.stripecdn.com
Issuer
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA
Valid From
November 12, 2025
Valid Until
February 19, 2026
88 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
02:06:F1:39:10:46:EE:4A:33:2F:40:73:F1:F1:40:F7:0A:E6:7A:CE:1A:11:EC:48:C4:96:EC:FC:05:E4:71:7C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- TLS 1.3 is not supported (recommended)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Good
base-uri; connect-src; default-src; +11 more
base-uri 'none'; connect-src https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners blob: https://b.stripecdn.com https://climate.stripe.com https://errors.stripe.com https://ext.stripe.com https://r.stripe.com https://sales-live-chat.stripe.com https://stripe-images.s3.us-west-1.amazonaws.com https://stripe.com https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://tax-connectors.stripe.com 'self'; default-src 'none'; font-src https://b.stripecdn.com 'self'; form-action https://climate.stripe.com https://stripe.com 'self'; frame-ancestors https://app.contentful.com 'self'; frame-src https://checkout.stripe.dev https://support-conversations.stripe.com https://b.stripecdn.com https://checkout.stripe.com https://crypto-js.stripe.com https://js.stripe.com https://sales-live-chat.stripe.com 'self'; img-src data: https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://images.ctfassets.net https://images.stripeassets.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net 'self'; media-src https://assets.ctfassets.net https://assets.stripeassets.com https://b.stripecdn.com https://videos.ctfassets.net https://videos.stripeassets.com 'self'; script-src https://b.stripecdn.com https://crypto-js.stripe.com https://js.stripe.com 'self' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-KxhSaxKB5RFTQsqfRwp+zG7iLjvMrTAySqnSvWlqct0=' 'sha256-tMuJ8c00j54yuxogrdIJeGhNVB350dc56i969XRz/Mc=' 'report-sample'; style-src https://b.stripecdn.com 'self' 'unsafe-inline'; 
worker-src 'none'; upgrade-insecure-requests; report-uri https://q.stripe.com/csp-violation?q=x62zsg5PSvfQYucrOI85AMlgWnqRT_mCgzazSPWMp7WsA4cCh6x-fIhWEdy_cCQ%3D
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- Strengthen CSP by removing 'unsafe-eval'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured: any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
44 domains
Other domains in certificate