Open
Cached
·
just now
88/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=Minnesota, L=Minneapolis, O=U.S. Bank National Association, CN=www.pfmam.com
Issuer
C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
Valid From
December 04, 2025
Valid Until
January 04, 2027
347 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
61:A3:07:9E:15:1A:52:A6:D3:5E:5C:47:E0:A4:7A:17:62:26:70:45:50:37:0C:18:25:21:F2:20:CD:42:08:B6
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- • TLS 1.3 is not supported (recommended)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; style-src; script-src
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
79 domains
plgit.com
www-dr.plgit.com
www.plgit.com
bondresourcepartners.com
www-dr.bondresourcepartners.com
www.bondresourcepartners.com
camponline.com
www-dr.camponline.com
www.camponline.com
csipinvest.com
www-dr.csipinvest.com
www.csipinvest.com
epicfundny.com
www.epicfundny.com
fl-palm.com
www-dr.fl-palm.com
www.fl-palm.com
govmic.org
www-dr.govmic.org
www.govmic.org
iiit.us
www-dr.iiit.us
www.iiit.us
investncip.com
www-dr.investncip.com
www.investncip.com
ipdlaf.org
www-dr.ipdlaf.org
www.ipdlaf.org
magicfund.org
www-dr.magicfund.org
www.magicfund.org
milaf.org
www-dr.milaf.org
www.milaf.org
mosip.org
www-dr.mosip.org
www.mosip.org
msdlaf.org
www-dr.msdlaf.org
www.msdlaf.org
nhpdip.com
www-dr.nhpdip.com
www.nhpdip.com
njarm.com
www-dr.njarm.com
www.njarm.com
nlafpool.org
www-dr.nlafpool.org
www.nlafpool.org
paisboainvest.com
www.paisboainvest.com
am-api-dr.pfmam.com
am-api.pfmam.com
am-auth-dr.pfmam.com
am-auth.pfmam.com
connect-dr.pfmam.com
connect.pfmam.com
dr-secureauth.pfmam.com
mmst-dr.pfmam.com
mmst.pfmam.com
pfmam.com
secureauth.pfmam.com
www-dr.pfmam.com
www.pfmam.com
pfmassetmanagement.com
www-dr.pfmassetmanagement.com
www.pfmassetmanagement.com
texas-range.com
www-dr.texas-range.com
www.texas-range.com
dr-seclend.usbank.com
seclend.usbank.com
vasnap.com
www-dr.vasnap.com
www.vasnap.com
wgif.org
www-dr.wgif.org
www.wgif.org
Other domains in certificate