DNS Gurus
Open Cached · 6h ago
88/100 SECURITY SCORE

Certificate Information

Subject
C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=visualstudio.com
Issuer
C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08
Valid From
September 14, 2025
Valid Until
March 13, 2026 129 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA384-RSA
SHA-256 Fingerprint
BB:D3:A8:33:3E:E9:AA:2A:A9:1D:93:36:88:A8:13:61:AC:51:DA:82:1F:49:5E:12:1D:2E:64:83:07:B3:2C:C7
Alternative Names
77 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=15768000 ; includeSubDomains ; preload
Content-Security-Policy
Basic
script-src
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Configured (Restricts certificate issuance)
Current Issuer
Not Authorized (Potential misconfiguration)
CAA Issues
  • CRITICAL: Current certificate issuer 'C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 08' is NOT authorized by CAA records. Authorized CAs:
Recommendations
  • Consider using critical flag (flags=128) for stricter CAA enforcement
  • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

77 domains
visualstudio.com *.visualstudio.com *.advsec.visualstudio.com *.almsearch.visualstudio.com *.analytics.visualstudio.com *.artifactcache.visualstudio.com *.artifacts.visualstudio.com *.auditservice.visualstudio.com *.azboards.visualstudio.com *.azchatops.visualstudio.com *.azents.visualstudio.com *.azminicom.visualstudio.com *.azpipelines.visualstudio.com *.codelens.visualstudio.com *.commvtwo.visualstudio.com *.dataimport.visualstudio.com *.dpdbot.visualstudio.com *.entreq.visualstudio.com *.extmgmt.visualstudio.com *.feeds.visualstudio.com *.gdprdel.visualstudio.com *.governance.visualstudio.com *.manage.visualstudio.com *.marketplace.visualstudio.com *.my.visualstudio.com *.pipelines.visualstudio.com *.pkgs.visualstudio.com *.runtimecatalog.visualstudio.com *.sample.visualstudio.com *.status.visualstudio.com *.userext.visualstudio.com *.vsaex.visualstudio.com *.vsblob.visualstudio.com *.vscatalog.visualstudio.com *.vsclt.visualstudio.com *.vscommerce.visualstudio.com *.vsdevprofile.visualstudio.com *.vsdscops.visualstudio.com *.vsevidence.visualstudio.com *.vskeros.visualstudio.com *.vslicense.visualstudio.com *.vsmps.visualstudio.com *.vsnotify.visualstudio.com *.vspolicy.visualstudio.com *.vsrm.visualstudio.com *.vssh.visualstudio.com *.vssps.visualstudio.com *.vstmr.visualstudio.com *.vstoken.visualstudio.com *.vstskalypso.visualstudio.com *.vstsusers.visualstudio.com *.zeus.visualstudio.com

Other domains in certificate

*.almsearch.vsallin.net *.codelens.vsallin.net *.gdprdel.vsallin.net *.marketplace.vsallin.net *.status.vsallin.net *.userext.vsallin.net *.vsaex.vsallin.net *.vsallin.net *.vscatalog.vsallin.net *.vscommerce.vsallin.net *.vsdscops.vsallin.net *.vskeros.vsallin.net *.vslicense.vsallin.net *.vsmps.vsallin.net *.vsrm.vsallin.net *.vssps.vsallin.net *.vsspsext.vsallin.net *.vstmrblob.vsallin.net *.vstoken.vsallin.net *.vstsusers.vsallin.net
*.gallery.vsassets.io *.galleryppe.vsassets.io *.vsassets.io *.vsblob.vsassets.io *.vstmrblob.vsassets.io