SSL Certificate Analysis for www.optum.com - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Unknown Certificate Authority - the server's certificate is not trusted

Open Cached · just now

85/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=Minnesota, O=UnitedHealth Group Inc., CN=www.optum.com

Issuer

C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36

Valid From

January 11, 2026

Valid Until

January 11, 2027 354 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

06:16:FE:7F:5E:5A:7E:F5:DA:5A:85:13:4B:6B:77:F5:72:30:8E:6A:B6:95:C1:24:72:97:5A:16:E6:6B:02:17

Alternative Names

113 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=300; includeSubdomains; preload

Content-Security-Policy

Weak

frame-ancestors; frame-src

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

113 domains

optum.com business.optum.com campaign.optum.com customerconnect.optum.com frontiertherapies.optum.com globalmedicalservices.optum.com healthybenefitsplus.optum.com ibm.optum.com labs.optum.com lp.optum.com medicalservices.optum.com medicareandproviders.optum.com my.optum.com my5.optum.com o5.optum.com specialty.optum.com tooele.optum.com userguide.optum.com welcomechangehealthcare.optum.com welcomewebsite.optum.com workcompauto.optum.com www.optum.com

Other domains in certificate

advantageplusnetwork.com www.advantageplusnetwork.com

changehealthcare.com www.changehealthcare.com

divvydose.com www.divvydose.com

genoahealthcare.com www.genoahealthcare.com

healthybenefitsplus.com www.healthybenefitsplus.com

here4tn.com www.here4tn.com

homeandcommunity.com www.homeandcommunity.com

housecallsvisit.com www.housecallsvisit.com

iadur.org www.iadur.org

ifmgipa.com www.ifmgipa.com

illinoissmac.com www.illinoissmac.com

lewin.com www.lewin.com

myaarphsa.com www.myaarphsa.com

myoptumfinancial.com www.myoptumfinancial.com

nuvaila.com www.nuvaila.com

nuvaila.uk www.nuvaila.uk

imaging.optum.au

imaging.optum.co.uk optum.co.uk www.optum.co.uk

imaging.optum.ie optum.ie www.optum.ie

optum.in www.optum.in

optumbank.com www.optumbank.com

optumhealthslco.com www.optumhealthslco.com

optumlabs.com www.optumlabs.com

optumrx.com professionals.optumrx.com www.optumrx.com www2.optumrx.com

prohealthmd.com www.prohealthmd.com

providerexpress.com www.providerexpress.com

rxssdc.org www.rxssdc.org

smalv.com www.smalv.com

ahatpa-rxportal.sxc.com amerihealth-rxportal.sxc.com bcbsaz.rxportal.sxc.com bcbsm-rxportal.sxc.com bluelink-rxportal.sxc.com humanaassociaterx-rxportal.sxc.com ibx-rxportal.sxc.com messa-rxportal.sxc.com nextbluend-rxportal.sxc.com pai.rxportal.sxc.com pharmacy.rxportal.sxc.com php.rxportal.sxc.com quartz-rxportal.sxc.com rxportal.sxc.com serveyou.rxportal.sxc.com vermontblueadvantage-rxportal.sxc.com vermontbluerx-rxportal.sxc.com

csaaigbackpain.uhc.com gem.uhc.com ipghrhub.uhc.com

uhcathome.com www.uhcathome.com

uhchealthaccounts.com www.uhchealthaccounts.com

uhchousecalls.com www.uhchousecalls.com

uhchousecallsvisit.com www.uhchousecallsvisit.com

uhcretireeaccounts.com www.uhcretireeaccounts.com

usmd.com www.usmd.com