Skip to main content
SecScannerSecScanner
Security ChecksFree ToolsPricingBlog
Get Started
Sign InGet Started
All Security Checks
DNSMedium PriorityPro

CAA DNS Records

Certificate Authority Authorization records specify which CAs are allowed to issue certificates for your domain.

Why It Matters

CAA prevents unauthorized certificate issuance. If an attacker compromises a CA you don't use, they still can't get certificates for your domain.

How We Check

We query CAA DNS records and verify they restrict certificate issuance to your intended CAs.

How to Fix

Add CAA records specifying allowed CAs: example.com. CAA 0 issue 'letsencrypt.org'. Add iodef for violation reporting.

Related Security Checks

TLS

Certificate Expiry

DNS

DNS Security

Check Your Website Now

Run a free security scan to check for CAA DNS Records issues and 58+ other security vulnerabilities.

Scan Your Website Free

Product

  • Security Checks
  • Free Tools
  • SSL Checker
  • Vulnerability Scanner
  • Email Security
  • Pricing
  • Compliance
  • Security Reports

Popular Checks

  • CSP Check
  • HSTS Check
  • TLS Version Check
  • SSL Expiry Check
  • SPF/DKIM/DMARC Check
  • Cookie Security Check
  • JS Vulnerability Scan
  • OCSP Stapling Check

Resources

  • Blog
  • Glossary
  • Contact

Legal

  • Terms of Use
  • Privacy Policy
  • Refund Policy
  • Cookie Policy

© 2025-2026 SecScanner. All rights reserved.