Security Score: 92/100
Certificate Information
Subject: CN=wallester.com
Issuer: C=US, O=Let's Encrypt, CN=E8
Valid From: November 26, 2025
Valid Until: February 24, 2026 (60 days)
Public Key: ECDSA 256 bit (P-256), Adequate
Signature Algorithm: ECDSA-SHA384
SHA-256 Fingerprint: 82:B2:F9:66:F4:54:6A:4B:DC:6E:FD:5D:88:5C:FC:5F:03:C1:A5:CC:71:C3:7A:FB:91:25:09:6B:AC:5E:15:89
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (status, value)
Strict-Transport-Security: Present, max-age=31536000
Content-Security-Policy: Basic, default-src; img-src; font-src; +4 more
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.jsspmedia.com jsspmedia.com *.aprtn.com aprtn.com tags.srv.stackadapt.com *.stalkoda.com stalkoda.com istatic-cdn.trackier.com stapecdn.com *.sentry-cdn.com *.hotjar.com *.cloudflare.com *.cloudfront.net indexfunction.com opnlink.com hitchbacks.com *.hitchbacks.com *.clarity.ms swrap.tradedoubler.com rtg.wewomedia.com *.facebook.net *.facebook.com *.bing.net *.bing.com *.doubleclick.net google.com *.googlesyndication.com *.gstatic.com *.google.com *.google.ru *.google.pl *.google.bg *.google.com.ua *.google.tn *.google.ch *.google.sk *.google.si *.google.ir *.google.cz *.google.co.uk *.google.lt *.google.de *.google.lv *.google.fr *.google.hu *.google.ee *.google.co.in *.google.nl *.google.pt *.google.by *.google.dz *.google.it mstat.acestream.net stackpath.bootstrapcdn.com *.googleapis.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.redditstatic.com *.reddit.com px.ads.linkedin.com snap.licdn.com *.youtube.com code.jquery.com *.wallester.com wallester.com *.wallester.biz wallester.biz *.wallester.eu *.g2crowd.com *.g2.com yoast.com *.hotjar.io *.trackier.com smct.co *.smct.co *.smct.io ordozen.com *.ordozen.com *.amazonaws.com webtrafficsource.com s.logstracker.com 478.theodyo.com ads-twitter.com *.ads-twitter.com *.twitter.com wss://*.hotjar.com; img-src * data:; font-src * data:; media-src 'self' blob: data:; worker-src 'self' blob:; frame-src 'self' blob: *.wallester.com *.wallester.biz www.googletagmanager.com www.google.com www.youtube.com *.doubleclick.net *.cloudflare.com *.gotrackier.com *.opnlink.com *.hitchbacks.com *.smct.io *.cloudfront.net webtrafficsource.com; frame-ancestors 'self';
X-Frame-Options: Good, SAMEORIGIN
X-Content-Type-Options: Good, nosniff
Referrer-Policy: Present, same-origin
Permissions-Policy: Missing, Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Configured (Restricts certificate issuance)
Current Issuer: Authorized (Matches CAA policy)
Authorized CAs
- amazonaws.com
- amazontrust.com
- awstrust.com
- comodoca.com
- digicert.com; cansignhttpexchanges=yes
- letsencrypt.org
- pki.goog; cansignhttpexchanges=yes
- ssl.com
Wildcard CAs
- amazon.com
- comodoca.com
- digicert.com; cansignhttpexchanges=yes
- letsencrypt.org
- pki.goog; cansignhttpexchanges=yes
- ssl.com
Recommendations
- Consider using critical flag (flags=128) for stricter CAA enforcement
- You have authorized 8 CAs - consider limiting to only the CAs you actively use
- Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts