Skip to content
fast, API-first TLS scanning
A+

cloudflare.com

159ms · just now ↻ rescan

Certificate

subjectcloudflare.com
issuerWE1 · Google Trust Services · US
sanscloudflare.com, ns.cloudflare.com, *.ns.cloudflare.com, *.secondary.cloudflare.com, secondary.cloudflare.com
keyECDSA 256
seriala49c58ef69b060221328eca90d788485
valid from2026-05-10
expires2026-08-08 (52 days)
chain3 certs · valid
ocsp stapling✓ present
scts✗ none

Chain

leafcloudflare.com
issuerWE1
keyECDSA 256 · ECDSA-SHA256
expires2026-08-08 (52d)
intermediate 1WE1
issuerGTS Root R4
keyECDSA 256 · ECDSA-SHA384
expires2029-02-20 (979d)
rootGTS Root R4
issuerGlobalSign Root CA
keyECDSA 384 · SHA256-RSA
expires2028-01-28 (589d)

Protocol

tls 1.3✓ supported
tls 1.2✓ supported
tls 1.1✗ disabled
tls 1.0✗ disabled
key exchangeECDHE (TLS 1.3)
forward secrecy✓ yes

Cipher Suites

total18 suites
strong7
acceptable6
weak5
TLS 1.3
AES-128-GCM-SHA256
TLS 1.2
ECDHE-ECDSA AES-128-CBC-SHAECDHE-ECDSA AES-256-CBC-SHAECDHE-RSA AES-128-CBC-SHAECDHE-RSA AES-256-CBC-SHAECDHE-ECDSA AES-128-GCM-SHA256ECDHE-ECDSA AES-256-GCM-SHA384ECDHE-RSA AES-128-GCM-SHA256ECDHE-RSA AES-256-GCM-SHA384ECDHE-RSA CHACHA20-POLY1305-SHA256ECDHE-ECDSA CHACHA20-POLY1305-SHA256RSA AES-128-CBC-SHARSA AES-256-CBC-SHARSA AES-128-CBC-SHA256RSA AES-128-GCM-SHA256RSA AES-256-GCM-SHA384ECDHE-ECDSA AES-128-CBC-SHA256ECDHE-RSA AES-128-CBC-SHA256

Transport

hsts✓ max-age=31536000
includeSubDomains
preload directive
preload list✓ listed
http/2✓ supported
http/3✓ QUIC
alt-svch3=":443"; ma=86400

DNS Security

dnssec✓ signed
caaiodef mailto:tls-abuse@cloudflare.com, issue comodoca.com, issue digicert.com; cansignhttpexchanges=yes, issue letsencrypt.org, issue pki.goog; cansignhttpexchanges=yes, issue ssl.com, issuewild comodoca.com, issuewild digicert.com; cansignhttpexchanges=yes, issuewild letsencrypt.org, issuewild pki.goog; cansignhttpexchanges=yes, issuewild ssl.com
dane / tlsa

Compliance

PCI DSS 4.0✗ 1 issue: Weak/insecure ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256 +2 more
NIST 800-52r2✗ 1 issue: Weak/insecure ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256 +2 more
HIPAA✗ 1 issue: Insecure ciphers: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256 +2 more
transport-layer checks only
how fast is cloudflare.com? see on yoke.lol →
API usage