94/100
SECURITY SCORE
Certificate Information
Subject
UNKNOWN=CH, UNKNOWN=Bern, UNKNOWN=Private Organization, UNKNOWN=CHE-101.494.993, C=CH, L=Zürich, O=SWITCH, CN=www.switch.ch
Issuer
C=US, O=DigiCert Inc, CN=DigiCert EV RSA CA G2
Valid From
October 28, 2025
Valid Until
October 27, 2026
329 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
54:F4:10:9A:86:AE:CA:90:4A:08:4E:E2:36:46:FE:88:C6:D4:9A:00:BC:B9:E3:4B:35:FE:00:F6:53:11:7E:3D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- TLS 1.3 is not supported (recommended)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev *.umantis.com; img-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; connect-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev tracker.switch.ch; frame-src 'self' *.youtube.com *.vimeo.com *.switch.ch; media-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev *.ytimg.com; script-src-elem 'self' 'unsafe-inline' *.switch.ch tracker.switch.ch; script-src 'self' report-sample 'unsafe-inline' 'unsafe-eval'
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
digicert.com; account=88646c566474fb435c2a73b7e885f93cee64611d831bca6d567ff2f5f8de6d76
letsencrypt.org
Wildcard CAs
letsencrypt.org
digicert.com; account=88646c566474fb435c2a73b7e885f93cee64611d831bca6d567ff2f5f8de6d76
Recommendations
- Consider using critical flag (flags=128) for stricter CAA enforcement
- Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
8 domains
switch.ch
help.switch.ch
www.switch.ch
cms.www.switch.ch
misc.www.switch.ch
prod.www.switch.ch
swit.ch
www.swit.ch
Other domains in certificate