Free CAA Records Checker
Validate your domain's CAA (Certificate Authority Authorization) records configuration.
Control which Certificate Authorities can issue certificates for your domain and enhance security.
- CAA record validation and analysis
- Certificate Authority authorization check
- Wildcard and subdomain CAA coverage
"Barrion's security scanning has helped us implement best security practices efficiently, saving us countless hours."
Sarah Chen
Head of Security
"We identified and fixed critical vulnerabilities before our platform launch, saving us from potential data breaches."
Marcus Anderson
CTO
"Barrion gives us peace of mind, knowing we're notified of any security issues. Exactly what our team needed."
Oskar Nilsson
Tech Lead
Scan in three simple steps
Fast, safe, non-intrusive checks with actionable results.
Start scan
Enter your URL, and click the start scan button to begin.
Scan runs
Barrion performs passive, read-only security checks with minimal site impact.
View results
See security findings with prioritized, actionable recommendations.
What are CAA Records?
CAA (Certificate Authority Authorization) records are DNS records that specify which Certificate Authorities (CAs) are authorized to issue SSL/TLS certificates for your domain. This helps prevent unauthorized certificate issuance and domain hijacking attacks.
What this checker validates
- Presence and configuration of CAA records
- Authorized Certificate Authorities list
- Wildcard and subdomain CAA coverage
- CAA record syntax and policy compliance
- Certificate issuance policy validation
Benefits of CAA Records
- Prevents unauthorized certificate issuance by malicious CAs
- Reduces risk of domain hijacking and phishing attacks
- Provides audit trail for certificate issuance
- Enhances overall domain security posture
- Compliance with security best practices
How to configure CAA Records
- Basic CAA: 0 issue "letsencrypt.org" (allow Let's Encrypt)
- Restrictive CAA: 0 issue "digicert.com" (only DigiCert)
- Wildcard CAA: 0 issuewild "sectigo.com" (wildcard certs only from Sectigo)
- Report-only: 0 iodef "mailto:[email protected]" (report violations)
Tool-specific questions
Are CAA records mandatory?
What happens if I don't have CAA records?
Can I have multiple CAA records?
How do CAA records affect wildcard certificates?
Should I monitor CAA records regularly?
Why Choose Barrion?
Real-Time Results
Instant security analysis with detailed reports, giving you an immediate security overview
Comprehensive Checks
Multiple best-practice security checks in a single scan, for broad coverage
Actionable and Effective
Clear recommendations for fixes, helping you improve your security quickly and effectively
Other Tools
Complete Security Scan
Complete website security analysis with comprehensive vulnerability detection
- Full security assessment
- Detailed security report
- Actionable recommendations
- Risk severity scoring
Security Headers Test
Check your website's HTTP security headers configuration
- Content Security Policy
- X-Frame-Options
- X-Content-Type-Options
- Permissions Policy
- Referrer Policy
- And more...
TLS/SSL Security Checker
Validate your SSL/TLS configuration and certificate setup
- HTTPS verification
- HSTS check
- TLS version check
- Cipher suite analysis
Content Security Policy (CSP) Checker
Analyze your CSP for unsafe directives and strengthen your policy with best practices.
- CSP directives analysis
- Detect unsafe-inline/eval
- Nonce/Hash guidance
CORS Policy Checker
Validate Access-Control headers, credentials safety, and simulate preflight requests.
- ACAO configuration
- Preflight simulation
- Credentials safety
Cookie Security Checker
Audit HttpOnly, Secure, SameSite and Partitioned cookie attributes for safety.
- HttpOnly & Secure flags
- SameSite settings
- Partitioned cookies
