Open
Cached
·
just now
91/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=portal.azure
Issuer
C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08
Valid From
December 05, 2025
Valid Until
June 03, 2026
158 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA384-RSA
SHA-256 Fingerprint
55:D7:39:46:F0:20:A7:DE:81:1F:79:97:BA:71:2C:EE:0B:71:66:E8:F9:76:B4:23:2F:9B:20:8B:DE:EC:61:DC
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
base-uri; font-src; form-action; +12 more
base-uri 'none'; font-src 'self' data: https://*.microsoft.com http://c.s-microsoft.com https://c.s-microsoft.com https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net https://assets.onestore.ms; form-action 'self' https://*.microsoft.com https://*.bing.com; frame-ancestors 'self' https://*.microsoft.com https://*.bing.com chrome-untrusted://dual-search; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://statics-marketingsites-wcus-ms-com.akamaized.net https://statics-marketingsites-eus-ms-com.akamaized.net https://statics-marketingsites-neu-ms-com.akamaized.net https://statics-marketingsites-eas-ms-com.akamaized.net https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net https://assets.onestore.ms; script-src 'nonce-dtuRamVG9qnpEm54KTgZ2aox' 'strict-dynamic'; upgrade-insecure-requests; default-src 'self' https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net https://*.microsoft.com; require-trusted-types-for 'script'; connect-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.bing.com https://*.bing.net https://*.clarity.ms https://js.monitor.azure.com https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net https://consentreceiverfd-prod.azurefd.net https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.licdn.com/ https://boost.mediation.trafficmanager.net https://boost-client-czcnbahycxbnamaq.b01.azurefd.net https://*.adnxs.com https://app.adjust.com; frame-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.msn.com https://*.msn.cn https://*.bing.com https://www.youtube-nocookie.com https://microsoft-store-11800745.azurewebsites.net https://*.tiktok.com; media-src 'self' https://edgestatic.azureedge.net https://edgecdn-embza6g8cacagcbn.z01.azurefd.net https://edgecdn-embza6g8cacagcbn.b02.azurefd.net;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
camera=(self), display-capture=(), fullscreen=(self), geolocation=(), microphone=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
198 domains
summit.microsoftedge.com
365.microsoft
about.microsoft
account.microsoft
api.bing
apps.windows
forums.arahistoryuntold.com
www.aspire.dev
azure.microsoft
azuresre.ai
www.azuresre.ai
band.microsoft
bing.microsoft
bingrewards.com
www.bingrewards.com
breakingintosecuritypodcast.com
www.breakingintosecuritypodcast.com
business.skype
c.bing
call.skype
cloud.microsoft
co.hotmail
www.minit.co.il
www.minit.co.in
www.minit.co.it
com.bing
www.minit.com.cy
www.minit.com.hk
com.hotmail
com.microsoft
www.minit.com.tw
www.minit.com.vn
com.windows
com.xbox
core.windows
corp.microsoft
cortana.windows
data.microsoft
designer.new
www.designer.new
designlab.xbox
dns.azure
documentdb.net
www.documentdb.net
documentdb.org
www.documentdb.org
download.microsoft
dynamics.microsoft
edge.microsoft
edge.windows
empowering.microsoft
entertainment.xbox
env.new
www.env.new
exploresharepointspaces.com
www.exploresharepointspaces.com
gamepass.xbox
games.windows
gamestack.microsoft
go.microsoft
groove.microsoft
hackingstem.microsoft
hololens.microsoft
home.azure
home.bing
home.hotmail
home.microsoft
home.skype
home.windows
home.xbox
hotmail.hotmail
hotmail.xbox
ie.windows
ieonline.microsoft
images.bing
imap.hotmail
inbox.hotmail
industrydataforsociety.org
www.industrydataforsociety.org
industrydataforsocietypartnership.com
www.industrydataforsocietypartnership.com
industrydataforsocietypartnership.org
www.industrydataforsocietypartnership.org
integrity.microsoft
ipv6.microsoft
live.xbox
login.microsoft
lumia.microsoft
lumia.windows
m.hotmail
m365.microsoft
m365.office
mail.bing
mail.hotmail
manufacturing.microsoft
maps.bing
media.azure
www.media.azure
microsoft.bing
copilotlabs.microsoft.com
readingprogress.int.microsoft.com
timehub.microsoft.com
microsoft.windows
microsoft.xbox
microsoft365.microsoft
microsoft365.office
microsoftadvertisingpartners.com
www.microsoftadvertisingpartners.com
www.microsoftevents.com
minecraft.com
www.minecraft.com
www.minit.ai
www.minit.at
www.minit.com.mx
www.minit.hk
www.minit.hr
www.minit.ie
www.minit.in
www.minit.lt
www.minit.lv
www.minit.tw
mixedrealitytoolkit.org
www.mixedrealitytoolkit.org
msn.hotmail
msoid.hotmail
music.xbox
my.microsoft
mydesign.new
www.mydesign.new
net.microsoft
news.bing
ntservicepack.microsoft
office.microsoft
org.microsoft
outlook.hotmail
pc.windows
phone.windows
playanywhere.xbox
playwright.com
www.playwright.com
pop.hotmail
portal.azure
portal.microsoft
productivity.microsoft
promoteiq.com
www.promoteiq.com
remix3d.microsoft
search.bing
search.microsoft
securethejobpodcast.com
www.securethejobpodcast.com
sip.hotmail
smtp.hotmail
ssl.bing
store.windows
store.xbox
support.azure
support.bing
support.hotmail
support.microsoft
support.skype
support.windows
support.xbox
surface.microsoft
surface.windows
system.windows
tcp.microsoft
translator.bing
travel.bing
udp.microsoft
update.microsoft
update.windows
www.vanguardoutrider.com
video.xbox
videos.bing
visualstudio.microsoft
weather.bing
wfh.azure
wfh.microsoft
windows.azure
windows.microsoft
windows.windows
windowsazure.microsoft
www.azure
www.bing
www.hotmail
www.microsoft
www.office
www.skype
www.windows
www.xbox
xbox.microsoft
xbox360.xbox
xboxlive.xbox
xboxone.xbox
xboxseriesx.microsoft
xboxseriesx.xbox
yahoo.hotmail
Other domains in certificate