SSL Certificate Analysis for toptex.fr - Security Grade & TLS Configuration

Open Cached · just now

96/100 SECURITY SCORE

Certificate Information

Subject

CN=toptex.fr

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

January 12, 2026

Valid Until

April 12, 2026 82 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

26:47:B9:82:01:AF:67:42:42:8F:15:F3:91:C4:FF:A9:B5:D8:D4:65:6D:95:50:3A:F4:84:B6:4C:00:3F:BB:FE

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; style-src; +9 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://deviceid.notolytix.com https://*.userguiding.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://apis.google.com https://omg.toptex.fr https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google.com https://ajax.cloudflare.com/ https://www.gstatic.com https://ipinfo.io https://cdn.jsdelivr.net https://*.lyra.com https://static.cloudflareinsights.com https://tag.toptex.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.lyra.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://px4.ads.linkedin.com https://*.privacy-center.org https://*.lyra.com https://www.googletagmanager.com https://www.facebook.com https://px.ads.linkedin.com https://www.google.com https://cdn.toptex.com https://tag.toptex.com https://region1.analytics.google.com https://www.google.fr https://stats.g.doubleclick.net https://www.toptex.fr https://*.toptex.com https://pagead2.googlesyndication.com https://files.europeancatalog.fr https://files.toptex.fr https://blog.toptex.com; connect-src 'self' https://*.privacy-center.org https://*.toptex.com wss://ws.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.userguiding.com https://px.ads.linkedin.com https://www.google.com https://insights.algolia.io https://ipinfo.io https://api.privacy-center.org https://pagead2.googlesyndication.com https://*.algolia.net; frame-src 'self' https://public.traceforgood.com https://vimeo.com https://www.youtube.com https://tag.toptex.com https://www.googletagmanager.com https://www.google.com https://api.lyra.com https://player.vimeo.com https://ns.europeancatalog.com https://www.europeancatalog.com https://challenges.cloudflare.com; object-src 'self' www.toptex.com; base-uri 'self'; form-action 'self' https://secure.lyra.com; upgrade-insecure-requests; worker-src 'self' blob:;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(), camera=(), microphone=(), fullscreen=(self)

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

amazon.com amazonaws.com comodoca.com digicert.com ; cansignhttpexchanges=yes letsencrypt.org pki.goog ; cansignhttpexchanges=yes ssl.com

Wildcard CAs

ssl.com amazon.com amazonaws.com comodoca.com digicert.com ; cansignhttpexchanges=yes letsencrypt.org pki.goog ; cansignhttpexchanges=yes

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• You have authorized 7 CAs - consider limiting to only the CAs you actively use
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

2 domains

toptex.fr *.toptex.fr