SSL Server Test: stuartweitzman.com (Powered by Qualys SSL Labs)

SSL Report: stuartweitzman.com (23.56.127.156)

Assessed on: Sun, 28 Dec 2025 06:13:59 UTC | Clear cache

Due to a recently discovered bug in Apple's code, your browser is exposed to MITM attacks. Click here for more information.

Summary

Overall Rating

A+

100

Certificate

Protocol Support

Key Exchange

Cipher Strength

Visit our documentation page for more information, configuration guides, and books. Known issues are documented here.

This server supports TLS 1.3. MORE INFO »

HTTP Strict Transport Security (HSTS) with long duration deployed on this server. MORE INFO »

Certificate #1: EC 256 bits (SHA384withECDSA)

Server Key and Certificate #1
Subject	stuartweitzman.com Fingerprint SHA256: b3a4b095824b6ead3279ed1ad578ac05f2bd92c3699ac2720a621b513389dcc1 Pin SHA256: 85u1GTv4oucvWeYkiIwuNMcSJd5Y7fcODtGEcbroiP8=
Common names	stuartweitzman.com
Alternative names	stuartweitzman.com .stuartweitzman.ca .stuartweitzman.com stuartweitzman.ca
Serial Number	0c3da561c58ce3c6387e68d37a15a929
Valid from	Mon, 18 Aug 2025 00:00:00 UTC
Valid until	Tue, 18 Aug 2026 23:59:59 UTC (expires in 7 months and 21 days)
Key	EC 256 bits
Weak key (Debian)	No
Issuer	DigiCert Global G3 TLS ECC SHA384 2020 CA1 AIA: http://cacerts.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crt
Signature algorithm	SHA384withECDSA
Extended Validation	No
Certificate Transparency	Yes (certificate)
OCSP Must Staple	No
Revocation information	CRL, OCSP CRL: http://crl3.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl OCSP: http://ocsp.digicert.com
Revocation status	Good (not revoked)
DNS CAA	No (more info)
Trusted	Yes Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (2349 bytes)
Chain issues	None
#2
Subject	DigiCert Global G3 TLS ECC SHA384 2020 CA1 Fingerprint SHA256: 0587d6bd2819587ab90fb596480a5793bd9f7506a3eace73f5eab366017fe259 Pin SHA256: qBRjZmOmkSNJL0p70zek7odSIzqs/muR4Jk9xYyCP+E=
Valid until	Sun, 13 Apr 2031 23:59:59 UTC (expires in 5 years and 3 months)
Key	EC 384 bits
Issuer	DigiCert Global Root G3
Signature algorithm	SHA384withECDSA

Certification Paths


Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: b3a4b095824b6ead3279ed1ad578ac05f2bd92c3699ac2720a621b513389dcc1 Pin SHA256: 85u1GTv4oucvWeYkiIwuNMcSJd5Y7fcODtGEcbroiP8= EC 256 bits / SHA384withECDSA
2	Sent by server	DigiCert Global G3 TLS ECC SHA384 2020 CA1 Fingerprint SHA256: 0587d6bd2819587ab90fb596480a5793bd9f7506a3eace73f5eab366017fe259 Pin SHA256: qBRjZmOmkSNJL0p70zek7odSIzqs/muR4Jk9xYyCP+E= EC 384 bits / SHA384withECDSA
3	In trust store	DigiCert Global Root G3 Self-signed Fingerprint SHA256: 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 Pin SHA256: uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= EC 384 bits / SHA384withECDSA
Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: b3a4b095824b6ead3279ed1ad578ac05f2bd92c3699ac2720a621b513389dcc1 Pin SHA256: 85u1GTv4oucvWeYkiIwuNMcSJd5Y7fcODtGEcbroiP8= EC 256 bits / SHA384withECDSA
2	Sent by server	DigiCert Global G3 TLS ECC SHA384 2020 CA1 Fingerprint SHA256: 0587d6bd2819587ab90fb596480a5793bd9f7506a3eace73f5eab366017fe259 Pin SHA256: qBRjZmOmkSNJL0p70zek7odSIzqs/muR4Jk9xYyCP+E= EC 384 bits / SHA384withECDSA
3	In trust store	DigiCert Global Root G3 Self-signed Fingerprint SHA256: 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 Pin SHA256: uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= EC 384 bits / SHA384withECDSA
Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: b3a4b095824b6ead3279ed1ad578ac05f2bd92c3699ac2720a621b513389dcc1 Pin SHA256: 85u1GTv4oucvWeYkiIwuNMcSJd5Y7fcODtGEcbroiP8= EC 256 bits / SHA384withECDSA
2	Sent by server	DigiCert Global G3 TLS ECC SHA384 2020 CA1 Fingerprint SHA256: 0587d6bd2819587ab90fb596480a5793bd9f7506a3eace73f5eab366017fe259 Pin SHA256: qBRjZmOmkSNJL0p70zek7odSIzqs/muR4Jk9xYyCP+E= EC 384 bits / SHA384withECDSA
3	In trust store	DigiCert Global Root G3 Self-signed Fingerprint SHA256: 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 Pin SHA256: uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= EC 384 bits / SHA384withECDSA
Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: b3a4b095824b6ead3279ed1ad578ac05f2bd92c3699ac2720a621b513389dcc1 Pin SHA256: 85u1GTv4oucvWeYkiIwuNMcSJd5Y7fcODtGEcbroiP8= EC 256 bits / SHA384withECDSA
2	Sent by server	DigiCert Global G3 TLS ECC SHA384 2020 CA1 Fingerprint SHA256: 0587d6bd2819587ab90fb596480a5793bd9f7506a3eace73f5eab366017fe259 Pin SHA256: qBRjZmOmkSNJL0p70zek7odSIzqs/muR4Jk9xYyCP+E= EC 384 bits / SHA384withECDSA
3	In trust store	DigiCert Global Root G3 Self-signed Fingerprint SHA256: 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 Pin SHA256: uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= EC 384 bits / SHA384withECDSA
Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: b3a4b095824b6ead3279ed1ad578ac05f2bd92c3699ac2720a621b513389dcc1 Pin SHA256: 85u1GTv4oucvWeYkiIwuNMcSJd5Y7fcODtGEcbroiP8= EC 256 bits / SHA384withECDSA
2	Sent by server	DigiCert Global G3 TLS ECC SHA384 2020 CA1 Fingerprint SHA256: 0587d6bd2819587ab90fb596480a5793bd9f7506a3eace73f5eab366017fe259 Pin SHA256: qBRjZmOmkSNJL0p70zek7odSIzqs/muR4Jk9xYyCP+E= EC 384 bits / SHA384withECDSA
3	In trust store	DigiCert Global Root G3 Self-signed Fingerprint SHA256: 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0 Pin SHA256: uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= EC 384 bits / SHA384withECDSA

Click here to expand

Certificate #2: RSA 2048 bits (SHA256withRSA)

Server Key and Certificate #1
Subject	stuartweitzman.com Fingerprint SHA256: 92a17c2fdc0efaa8e1c88282985b5bd37f5b5388c2b36a204d102e3eb952bfeb Pin SHA256: 2+BkGKKRVP1CA7YKSCKUSkSMcB/35HhTOlIX0e1YfI4=
Common names	stuartweitzman.com
Alternative names	stuartweitzman.com .stuartweitzman.ca .stuartweitzman.com stuartweitzman.ca
Serial Number	01b3f2fe5da0ffcf9bae45c4282fcf59
Valid from	Mon, 18 Aug 2025 00:00:00 UTC
Valid until	Mon, 17 Aug 2026 23:59:59 UTC (expires in 7 months and 20 days)
Key	RSA 2048 bits (e 65537)
Weak key (Debian)	No
Issuer	DigiCert Global G2 TLS RSA SHA256 2020 CA1 AIA: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
Signature algorithm	SHA256withRSA
Extended Validation	No
Certificate Transparency	Yes (certificate)
OCSP Must Staple	No
Revocation information	CRL, OCSP CRL: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl OCSP: http://ocsp.digicert.com
Revocation status	Good (not revoked)
DNS CAA	No (more info)
Trusted	Yes Mozilla Apple Android Java Windows

Additional Certificates (if supplied)
Certificates provided	2 (3048 bytes)
Chain issues	None
#2
Subject	DigiCert Global G2 TLS RSA SHA256 2020 CA1 Fingerprint SHA256: c8025f9fc65fdfc95b3ca8cc7867b9a587b5277973957917463fc813d0b625a9 Pin SHA256: Wec45nQiFwKvHtuHxSAMGkt19k+uPSw9JlEkxhvYPHk=
Valid until	Sat, 29 Mar 2031 23:59:59 UTC (expires in 5 years and 3 months)
Key	RSA 2048 bits (e 65537)
Issuer	DigiCert Global Root G2
Signature algorithm	SHA256withRSA

Certification Paths


Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: 92a17c2fdc0efaa8e1c88282985b5bd37f5b5388c2b36a204d102e3eb952bfeb Pin SHA256: 2+BkGKKRVP1CA7YKSCKUSkSMcB/35HhTOlIX0e1YfI4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	DigiCert Global G2 TLS RSA SHA256 2020 CA1 Fingerprint SHA256: c8025f9fc65fdfc95b3ca8cc7867b9a587b5277973957917463fc813d0b625a9 Pin SHA256: Wec45nQiFwKvHtuHxSAMGkt19k+uPSw9JlEkxhvYPHk= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: 92a17c2fdc0efaa8e1c88282985b5bd37f5b5388c2b36a204d102e3eb952bfeb Pin SHA256: 2+BkGKKRVP1CA7YKSCKUSkSMcB/35HhTOlIX0e1YfI4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	DigiCert Global G2 TLS RSA SHA256 2020 CA1 Fingerprint SHA256: c8025f9fc65fdfc95b3ca8cc7867b9a587b5277973957917463fc813d0b625a9 Pin SHA256: Wec45nQiFwKvHtuHxSAMGkt19k+uPSw9JlEkxhvYPHk= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: 92a17c2fdc0efaa8e1c88282985b5bd37f5b5388c2b36a204d102e3eb952bfeb Pin SHA256: 2+BkGKKRVP1CA7YKSCKUSkSMcB/35HhTOlIX0e1YfI4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	DigiCert Global G2 TLS RSA SHA256 2020 CA1 Fingerprint SHA256: c8025f9fc65fdfc95b3ca8cc7867b9a587b5277973957917463fc813d0b625a9 Pin SHA256: Wec45nQiFwKvHtuHxSAMGkt19k+uPSw9JlEkxhvYPHk= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: 92a17c2fdc0efaa8e1c88282985b5bd37f5b5388c2b36a204d102e3eb952bfeb Pin SHA256: 2+BkGKKRVP1CA7YKSCKUSkSMcB/35HhTOlIX0e1YfI4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	DigiCert Global G2 TLS RSA SHA256 2020 CA1 Fingerprint SHA256: c8025f9fc65fdfc95b3ca8cc7867b9a587b5277973957917463fc813d0b625a9 Pin SHA256: Wec45nQiFwKvHtuHxSAMGkt19k+uPSw9JlEkxhvYPHk= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA
Path #1: Trusted
1	Sent by server	stuartweitzman.com Fingerprint SHA256: 92a17c2fdc0efaa8e1c88282985b5bd37f5b5388c2b36a204d102e3eb952bfeb Pin SHA256: 2+BkGKKRVP1CA7YKSCKUSkSMcB/35HhTOlIX0e1YfI4= RSA 2048 bits (e 65537) / SHA256withRSA
2	Sent by server	DigiCert Global G2 TLS RSA SHA256 2020 CA1 Fingerprint SHA256: c8025f9fc65fdfc95b3ca8cc7867b9a587b5277973957917463fc813d0b625a9 Pin SHA256: Wec45nQiFwKvHtuHxSAMGkt19k+uPSw9JlEkxhvYPHk= RSA 2048 bits (e 65537) / SHA256withRSA
3	In trust store	DigiCert Global Root G2 Self-signed Fingerprint SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f Pin SHA256: i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= RSA 2048 bits (e 65537) / SHA256withRSA

Click here to expand

Configuration

Protocols
TLS 1.3	Yes
TLS 1.2	Yes
TLS 1.1	No
TLS 1.0	No
SSL 3	No
SSL 2	No

Cipher Suites
# TLS 1.3 (suites in server-preferred order)
TLS_AES_256_GCM_SHA384 (`0x1302`) ECDH x25519 (eq. 3072 bits RSA) FS	256
TLS_CHACHA20_POLY1305_SHA256 (`0x1303`) ECDH x25519 (eq. 3072 bits RSA) FS	256^P
TLS_AES_128_GCM_SHA256 (`0x1301`) ECDH x25519 (eq. 3072 bits RSA) FS	128
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (`0xc02c`) ECDH secp256r1 (eq. 3072 bits RSA) FS	256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (`0xc02b`) ECDH secp256r1 (eq. 3072 bits RSA) FS	128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (`0xc030`) ECDH secp256r1 (eq. 3072 bits RSA) FS	256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (`0xc02f`) ECDH secp256r1 (eq. 3072 bits RSA) FS	128
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (`0xcca9`) ECDH secp256r1 (eq. 3072 bits RSA) FS	256^P
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (`0xcca8`) ECDH secp256r1 (eq. 3072 bits RSA) FS	256^P
(P) This server prefers ChaCha20 suites with clients that don't have AES-NI (e.g., Android devices)

Handshake Simulation
Android 4.4.2	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Android 5.0.0	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 6.0	EC 256 (SHA384)	TLS 1.2 > http/1.1	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Android 7.0	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS
Android 8.0	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS
Android 8.1	-	TLS 1.3	TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS
Android 9.0	-	TLS 1.3	TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS
BingPreview Jan 2015	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Chrome 49 / XP SP3	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Chrome 69 / Win 7 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Chrome 70 / Win 10	-	TLS 1.3	TLS_AES_256_GCM_SHA384 ECDH x25519 FS
Chrome 80 / Win 10 R	-	TLS 1.3	TLS_AES_256_GCM_SHA384 ECDH x25519 FS
Firefox 31.3.0 ESR / Win 7	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 47 / Win 7 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS
Firefox 49 / XP SP3	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Firefox 62 / Win 7 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Firefox 73 / Win 10 R	-	TLS 1.3	TLS_AES_256_GCM_SHA384 ECDH x25519 FS
Googlebot Feb 2018	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
IE 11 / Win 7 R	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
IE 11 / Win 8.1 R	EC 256 (SHA384)	TLS 1.2 > http/1.1	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 R	EC 256 (SHA384)	TLS 1.2 > http/1.1	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
IE 11 / Win Phone 8.1 Update R	EC 256 (SHA384)	TLS 1.2 > http/1.1	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
IE 11 / Win 10 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 15 / Win 10 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 16 / Win 10 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 18 / Win 10 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Edge 13 / Win Phone 10 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 8u161	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 11.0.3	-	TLS 1.3	TLS_AES_256_GCM_SHA384 ECDH secp256r1 FS
Java 12.0.1	-	TLS 1.3	TLS_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.0.1l R	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.0.2s R	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.1.0k R	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
OpenSSL 1.1.1c R	-	TLS 1.3	TLS_AES_256_GCM_SHA384 ECDH x25519 FS
Safari 6 / iOS 6.0.1	Server sent fatal alert: handshake_failure
Safari 7 / iOS 7.1 R	Server sent fatal alert: handshake_failure
Safari 7 / OS X 10.9 R	Server sent fatal alert: handshake_failure
Safari 8 / iOS 8.4 R	Server sent fatal alert: handshake_failure
Safari 8 / OS X 10.10 R	Server sent fatal alert: handshake_failure
Safari 9 / iOS 9 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 9 / OS X 10.11 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 10 / iOS 10 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 10 / OS X 10.12 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Safari 12.1.2 / MacOS 10.14.6 Beta R	-	TLS 1.3	TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS
Safari 12.1.1 / iOS 12.3.1 R	-	TLS 1.3	TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS
Apple ATS 9 / iOS 9 R	EC 256 (SHA384)	TLS 1.2 > h2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Yahoo Slurp Jan 2015	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
YandexBot Jan 2015	EC 256 (SHA384)	TLS 1.2	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
# Not simulated clients (Protocol mismatch)
Android 2.3.7 No SNI ²	Protocol mismatch (not simulated)
Android 4.0.4	Protocol mismatch (not simulated)
Android 4.1.1	Protocol mismatch (not simulated)
Android 4.2.2	Protocol mismatch (not simulated)
Android 4.3	Protocol mismatch (not simulated)
Baidu Jan 2015	Protocol mismatch (not simulated)
IE 6 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 7 / Vista	Protocol mismatch (not simulated)
IE 8 / XP No FS ¹ No SNI ²	Protocol mismatch (not simulated)
IE 8-10 / Win 7 R	Protocol mismatch (not simulated)
IE 10 / Win Phone 8.0	Protocol mismatch (not simulated)
Java 6u45 No SNI ²	Protocol mismatch (not simulated)
Java 7u25	Protocol mismatch (not simulated)
OpenSSL 0.9.8y	Protocol mismatch (not simulated)
Safari 5.1.9 / OS X 10.6.8	Protocol mismatch (not simulated)
Safari 6.0.4 / OS X 10.8.4 R	Protocol mismatch (not simulated)
Click here to expand
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Protocol Details
Secure Renegotiation	Supported
Secure Client-Initiated Renegotiation	No
Insecure Client-Initiated Renegotiation	No
BEAST attack	Mitigated server-side (more info)
POODLE (SSLv3)	No, SSL 3 not supported (more info)
POODLE (TLS)	No (more info)
Zombie POODLE	No (more info)
GOLDENDOODLE	No (more info)
OpenSSL 0-Length	No (more info)
Sleeping POODLE	No (more info)
Downgrade attack prevention	Yes, TLS_FALLBACK_SCSV supported (more info)
SSL/TLS compression	No
RC4	No
Heartbeat (extension)	No
Heartbleed (vulnerability)	No (more info)
Ticketbleed (vulnerability)	No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)	No (more info)
OpenSSL Padding Oracle vuln. (CVE-2016-2107)	No (more info)
ROBOT (vulnerability)	No (more info)
Forward Secrecy	Yes (with most browsers) ROBUST (more info)
ALPN	Yes h2 h2-14 http/1.1
NPN	Yes h2 h2-14 http/1.1 http/1.0
Session resumption (caching)	Yes
Session resumption (tickets)	Yes
OCSP stapling	Yes
Strict Transport Security (HSTS)	Yes max-age=31536000 ; includeSubDomains
HSTS Preloading	Not in: Chrome Edge Firefox IE
Public Key Pinning (HPKP)	No (more info)
Public Key Pinning Report-Only	No
Public Key Pinning (Static)	No (more info)
Long handshake intolerance	No
TLS extension intolerance	No
TLS version intolerance	No
Incorrect SNI alerts	No
Uses common DH primes	No, DHE suites not supported
DH public server param (Ys) reuse	No, DHE suites not supported
ECDH public server param reuse	No
Supported Named Groups	secp256r1, x25519 (server preferred order)
SSL 2 handshake compatibility	No
0-RTT enabled	No

HTTP Requests

1 https://stuartweitzman.com/ (HTTP/1.1 302 Moved Temporarily)
1
	Server	AkamaiGHost
	Content-Length	0
	Location	https://www.stuartweitzman.com/
	Expires	Sun, 28 Dec 2025 06:13:18 GMT
	Pragma	no-cache
	Date	Sun, 28 Dec 2025 06:13:18 GMT
	Connection	close
	Set-Cookie	exp-SW=SW-MW; path=/; secure
	Set-Cookie	opt_enabled=true; path=/; secure
	Server-Timing	cdn-cache; desc=HIT
	Server-Timing	edge; dur=1
	x-0-is-desktop	true
	Set-Cookie	akavpau_NO_MA_SW_PROD_AU=1766902698~id=738bb67032aaf9833cb31543d3e9c242; Path=/; HttpOnly; Secure; SameSite=None
	Set-Cookie	akacd_stuart-na-prod-new_v1=2147483647~rv=42~id=a5c156a529ad8fa2e67a816735c0002a; path=/; Expires=Tue, 19 Jan 2038 03:14:07 GMT; Secure; SameSite=None
	Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval' ipredictive.com www.youtube.com siteassets.bluecore.com .adyen.com .go-mpulse.net .akstat.io adyen.com .scene7.com adgrx.com demdex.net ads.yieldmo.com a.bigcontent.io adnxs.com attentivemobile.com .attn.tv attn.tv .audioeye.com audioeye.com bidswitch.net .btttag.com www.bluecore.com bluekai.com .creativecdn.com certona.net www.res-x.com cloudflare.com .cloudfront.net cloudfront.net .coach.com .cquotient.com cquotient.com .criteo.net criteo.net .criteo.com criteo.com w55c.net .doubleclick.net .facebook.com .facebook.net facebook.net fonts.net .fonts.net .fonts.com .forter.com forter.com stickyadstv.com v.fwmrm.net www.google.co.in .google.com www.google.de www.googleadservices.com googleapis.com cloudfunctions.net www.googletagmanager.com .google-analytics.com 360yield.com casalemedia.com ivitrack.com .kargo.com kargo.com klarna.com .klarna.com klarnacdn.net .klarnacdn.net klarnaevt.com .klarnaevt.com .klarnaservices.com liadm.com addressy.com media.net mediavine.com mediawallahscript.com cookielaw.org postrelease.com needle.com agkn.com .onetrust.com onetrust.com .optimizely.com outbrain.com .paypal.com www.paypalobjects.com pinimg.com pinterest.com .powerreviews.com pubmatic.com qualtrics.com .qualtrics.com .quantummetric.com quantummetric.com rmp.rakuten.com revcontent.com rubiconproject.com sharethrough.com .shoprunner.com smartadserver.com .stuartweitzman.com stuartweitzman.com .stuartweitzman.ca taboola.com www.talkable.com tangiblee.com tapad.com teads.tv .tiktok.com tiktok.com .adsrvr.org adsrvr.org tremorhub.com 3lift.com truefitcorp.com ad.smaato.net clmbtech.com mdhv.io postcodeanywhere.co.uk rqtrk.eu ws.rqtrk.eu techlab-cdn.com udmserve.net www.yext-pixel.com pcapredict.com .bing.com api.bluecore.com api.bluecore.app edge1.certona.net cdnjs.cloudflare.com us-central1-cohinc-146020.cloudfunctions.net cdn.cookielaw.org .needle.com ct.pinterest.com .rmp.rakuten.com cdn.tangiblee.com p11.techlab-cdn.com dpm.demdex.net ib.adnxs.com secure.adnxs.com x.bidswitch.net tags.bluekai.com www.gstatic.com fonts.gstatic.com aa.agkn.com s.pinimg.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com pixel.tapad.com .truefitcorp.com ice.360yield.com dsum-sec.casalemedia.com hbx.media.net ssp-csync.smartadserver.com sync.taboola.com sync.teads.tv eb2.3lift.com services.postcodeanywhere.co.uk tapes11111.pcapredict.com tapestry.a.bigcontent.io api.addressy.com js-agent.newrelic.com sessions.bugsnag.com bam.nr-data.net events.attentivemobile.com exchange.mediavine.com r.casalemedia.com s.ad.smaato.net sync-t1.taboola.com cm.adgrx.com sync-criteo.ads.yieldmo.com .pubmatic.com ad.360yield.com ads.stickyadstv.com criteo-sync.teads.tv contextual.media.net fluentdapi.stg.shoprunner.io i8.amplience.net .amazonaws.com .drivecommerce.com m.media-amazon.com apay-us.amazon.com static-na.payments-amazon.com rt.udmserve.net cdn.static.amplience.net partner.mediawallahscript.com matching.ivitrack.com i.liadm.com jadserve.postrelease.com tapestry.tapad.com trends.revcontent.com criteo-partners.tremorhub.com ade.clmbtech.com sync.outbrain.com mathtag.com dwin1.com iesnare.com mpsnare.iesnare.com bh.contextweb.com pixel.s3xified.com s.seedtag.com mixer.mobon.net sync.cootlogix.com cm-exchange.toast.com .33across.com 33across.com .lijit.com sync.bidence.net sync.1rx.io cm.mgid.com csync.loopme.me sync.e-planning.net idsync.rlcdn.com sync.console.adtarget.com.tr dynl.mktgcdn.com 1f2e7.v.fwmrm.net adx.dable.io cs.adingo.jp tg.socdm.com adgen.socdm.com sync.aralego.com us-u.openx.net vid.vidoomy.com cdn.honey.io cloudinary.com res.cloudinary.com usersync.gumgum.com sync.connectad.io inv-nets.admixer.net .googlesyndication.com sync.addlv.smt.docomo.ne.jp t.adx.opera.com visitor.omnitagjs.com ad.tpmn.co.kr tst.kaptcha.com crwdcntrl.net www.google.com.ua .Yahoo.com ad-stir.com sync.ad-stir.com gssprt.jp cs.gssprt.jp send.microad.jp s-cs.send.microad.jp www.google.ca simpli.fi ad.yieldlab.net sync.targeting.unrulymedia.com onetag-sys.com beacon.krxd.net cm.adform.net .shoppinggives.com pippio.com sentry.io .mapbox.com .force.com www.google.es www.google.by www.google.fr www.google.co.uk www.google.co.il www.google.com.sa www.google.com.vn www.google.rs www.google.com.bh www.google.com.br www.google.com.eg www.google.se www.google.it www.google.com.uy www.google.co.nz www.google.com.gt www.google.co.th www.google.co.kr www.google.ie www.google.bs www.google.pl www.google.com.mx www.google.com.sv www.google.co.cr www.google.ru www.google.tt www.google.co.ug www.google.rw www.google.com.pe www.google.com.lb www.google.com.hk www.google.com.ec www.google.com.gh www.google.com.ng www.google.com.co www.google.com.ar www.google.tn consent.linksynergy.com .demandware.net .katespade.com .coachoutlet.com cm.meba.kr us.ck-ie.com b.admedia.com .instagram.com api.capitaloneshopping.com cm.igaw.io rstyle.me cdn.ivaws.com link.shoplooks.com .rewardstyle.com www.metziahs.com safe.menlosecurity.com us.ck-ie.com .thebrighttag.com .semasio.net sync.srv.stackadapt.com .kampyle.com .medallia.com .aralego.net app.collectivevoice.com .rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com google.com cdn.wyng.com .bluecore.app .liadm.com .tapestry.com .lilyai.net monetate.net .monetate.net .pixlee.co .turnto.com .edgecastcdn.net .pixlee.com .pixleeteam.com .pxlecdn.com .shopify.com .cdn.shopifycloud.com shop.app .shopifysvc.com .stripe.com .afterpay.com .squarecdn.com jsdelivr.net . jsdelivr.net .googleapis.com .linksynergy.com *.kahoona.io data: blob:;
	Referrer-Policy	strict-origin-when-cross-origin
	Strict-Transport-Security	max-age=31536000 ; includeSubDomains
	X-Frame-Options	sameorigin
	X-XSS-Protection	1; mode=block
	X-Content-Type-Options	nosniff
	Cache-Control	no-store
	Akamai-GRN	0.a3f4d517.1766902398.5fc6e384
	Set-Cookie	_abck=34B759074F35EEC494057B2F5960BCAC~-1~YAAQo/TVFwNv/iibAQAAdv6WYw9gmzvbVIfAN6kcfYMUZZugHdSu5G+CmPFUQQtQhheH4pB0NRVUaxs2t0CvD2dT2hhXRxCPROCuTGYRIdJQO8v9YUJOXQXb/Z1WXtEt4q3SgRCAiS+Gh/go3PkQOgWopYwWukI77x55B7bgTW4DBSgD0tpxfnrI/hliJgXPqhHPbWijqI4w0icMfocougGcFMdj9IxHNnwcSvOrICRdp/A7KGrIVBjtLkC2zuGmum3k2HxIhNpkm3IdZjS0cxehqs2BfTXRkL37wapiJ33kqPv+HxT54HNrXJhmlL5wo99z9kMOO4LX742B7Li6aTMEEfbWDlwcgiwD/wPp6WbfQd0M9+87ddF6Rl7NhbtGhFjsRaCqdzOR9VxZTDPMzhpzeuUhquAF1g4uDbMaWc2RVR7isfgb7wgUOmda4ouc21HreB2dn1XrWVWcVWA60BgLnBtpq/5d9pI=~-1~-1~-1~-1~-1; Domain=.stuartweitzman.com; Path=/; Expires=Mon, 28 Dec 2026 06:13:18 GMT; Max-Age=31536000; Secure
	Set-Cookie	bm_sz=ECB1EFCEEF4F939064FB903B0E8FFCC5~YAAQo/TVFwRv/iibAQAAdv6WYx6l2UVFTyen4v5sokwoWn3pEJyC6HjmBkH04MdeAOmktOai0y9bCZJOTDxI5U0evsPtTMgOUv0J/d1grzIIwn50Uw9Vq7AsvmfLEofLlu1g5kebE3fwFwlz/GBicLZbAELJuNSyRtWgK5Wi9YA9KcsA9dbWhkItd05jm1fTEtm7EwLrSAKgYhp+DurHJ070AWfmGwpogFgWcrxxdhzDVQcMZuo8YFHHYZhpj06zfXQ6m+Vii3ITGLkX1yEvqF4kL+ZZYSxWPOdtmbej0iAQYGxMj7Gg+rDvTq2ilMUs6pBxAxhq1z8+1to+Vj3owvldNmN3rs2p5s1M6iC32VR7X2NF0nM=~3291203~3359544; Domain=.stuartweitzman.com; Path=/; Expires=Sun, 28 Dec 2025 10:13:18 GMT; Max-Age=14400
	Server-Timing	ak_p; desc="1766902398514_399897763_1606869892_48_12051_23_35_-";dur=1

Miscellaneous
Test date	Sun, 28 Dec 2025 06:13:09 UTC
Test duration	49.576 seconds
HTTP status code	302
HTTP forwarding	https://www.stuartweitzman.com
HTTP server signature	AkamaiGHost
Server hostname	a23-56-127-156.deploy.static.akamaitechnologies.com

SSL Report v2.4.1

Copyright © 2009-2025 Qualys, Inc. All Rights Reserved. Privacy Policy.	Terms and Conditions
Try Qualys for free! Experience the award-winning Qualys Cloud Platform and the entire collection of Qualys Cloud Apps, including certificate security solutions.