Expiration: 2024-12-24 (31 days remaining)
Issuer: Google Trust Services
Authority: WE1
Download CertificateVersion: TLSv1.3
Cipher: TLS_AES_256_GCM_SHA384
TLS (Transport Layer Security) encrypts data in transit, protecting against eavesdropping and tampering. Strong TLS configurations use up-to-date protocols and ciphers to ensure the highest level of security.
Great! Your site implements Content Security Policy. Ensure it's properly configured to maximize protection against XSS and other injection attacks.
X-Frame-Options header is present, helping to prevent clickjacking attacks by controlling how your site can be embedded in frames.
HSTS forces browsers to use HTTPS, preventing downgrade attacks and cookie hijacking.
Mixed content (HTTP resources on HTTPS pages) poses security risks, enabling potential attacks and content injection. Modern browsers may block it, breaking site functionality.
A WAF provides an additional layer of security for your website. Ensure it's properly configured and regularly updated for optimal protection.
Helps prevent XSS attacks in older browsers.
Prevents MIME type sniffing.
Controls the Referer header for outgoing requests.
Controls which browser features and APIs can be used.
In theory you want to hide your software or version but not all announcements are bad.
DNSSEC adds a layer of trust to your domain name. It helps prevent DNS spoofing and cache poisoning attacks. Consider enabling it for enhanced security.
DMARC helps prevent email spoofing and protects your domain from unauthorized use in phishing attacks.
DKIM adds a digital signature to emails, verifying that they were sent by an authorized sender and weren't altered in transit.