Security Score: 93/100
Certificate Information
Subject: CN=1finance.co.in
Issuer: C=US, O=Let's Encrypt, CN=E8
Valid From: October 25, 2025
Valid Until: January 23, 2026 (50 days)
Public Key: ECDSA 256 bit (P-256), Adequate
Signature Algorithm: ECDSA-SHA384
SHA-256 Fingerprint: 0C:F7:63:73:E7:05:61:E8:54:7A:20:08:43:FF:0B:94:43:29:9F:D1:0B:7E:D7:0B:42:23:99:AB:CB:19:B4:3E
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Strict-Transport-Security (Excellent): max-age=63072000; includeSubDomains; preload
Content-Security-Policy (Basic): img-src; style-src; font-src; +5 more
img-src 'self' data: imaages-hosting-1fin.s3.ap-south-1.amazonaws.com w3.org *.s3.ap-south-1.amazonaws.com *.cdnfonts.com imaages-hosting-1fin.s3.amazonaws.com wp.stories.google imaages-hosting.s3.amazonaws.com qa.onehub.1finance.co.in connect.facebook.net *.facebook.com onehub.1finance.co.in *.indiacryptoresearch.in *.indiacryptoresearch.co.in https://www.googletagmanager.com *.google-analytics.com https://*.pagesense.io *.pagesense.io https://website-frontend-qa.1finance.co.in https://website-frontend-dev.1finance.co.in https://website-frontend-uat.1finance.co.in 1finance.co.in google.co.in *.google.co.in *.google.com *.quora.com *.linkedin.com *.clarity.ms *.google-analytics.com *.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.typekit.net 360.one https://www.googletagmanager.com *.google-analytics.com *.google.com *.vimeo.com *.pagesense.io *.cloudflare.com *.zoho.in https://connect.facebook.net *.amuselabs.com *.cdnfonts.com google.co.in *.google.co.in *.linkedin.com *.clarity.ms *.zohostatic.com *.zohocdn.com *.quora.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.typekit.net *.cloudflare.com *.cdnfonts.com *.google.com google.co.in *.google.co.in *.linkedin.com *.clarity.ms; frame-src 'self' https://*.pagesense.io https://*.zoho.in *.youtube.com *.amuselabs.com *.vimeo.com https://www.googletagmanager.com *.google-analytics.com *.google.com google.co.in *.google.co.in *.linkedin.com *.clarity.ms *.zoho.com *.salesiq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.amuselabs.com *.google-analytics.com *.cdnfonts.com *.analytics.google.com https://cdn.pagesense.io https://website-frontend-qa.1finance.co.in https://website-frontend-dev.1finance.co.in https://website-frontend-uat.1finance.co.in https://1finance.co.in https://*.1finance.co.in https://qa.onehub.1finance.co.in https://onehub.1finance.co.in 
https://connect.facebook.net https://facebook.com https://*.pagesense.io https://crypto-qa.indiacryptoresearch.in https://*.indiacryptoresearch.co.in https://*.onefin.app https://*.linkedin.com https://*.google.com https://google.co.in https://*.google.co.in https://*.clarity.ms https://*.zoho.in *.zoho.com *.zohocorp.com *.pagesense.io *.salesiq.com *.cloudflare.com *.cdnfonts.com *.s3.ap-south-1.amazonaws.com *.youtube.com *.googleapis.com https://fonts.googleapis.com https://*.typekit.net 360.one *.vimeo.com *.quora.com *.licdn.com *.doubleclick.net *.zohostatic.com *.zohocdn.com *.quora.com https://cdn.jsdelivr.net; object-src 'self' *.googletagmanager.com *.google-analytics.com *.cdnfonts.com *.analytics.google.com https://cdn.pagesense.io https://website-frontend-qa.1finance.co.in https://website-frontend-dev.1finance.co.in https://website-frontend-uat.1finance.co.in https://1finance.co.in https://*.1finance.co.in https://qa.onehub.1finance.co.in https://onehub.1finance.co.in https://connect.facebook.net https://facebook.com https://*.pagesense.io https://crypto-qa.indiacryptoresearch.in https://*.indiacryptoresearch.co.in https://*.onefin.app https://*.linkedin.com https://*.google.com https://google.co.in https://*.google.co.in https://*.clarity.ms https://*.zoho.in *.zoho.com *.zohocorp.com *.pagesense.io *.salesiq.com *.cloudflare.com *.cdnfonts.com *.s3.ap-south-1.amazonaws.com *.youtube.com *.googleapis.com https://fonts.googleapis.com https://*.typekit.net 360.one *.vimeo.com *.quora.com *.licdn.com *.doubleclick.net; connect-src 'self' https://hr.hwtpl.com *.zohostatic.com *.zohocdn.com *.quora.com https://cdn.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com https://cdn.pagesense.io https://website-frontend-qa.1finance.co.in https://website-frontend-dev.1finance.co.in https://website-frontend-uat.1finance.co.in 1finance.co.in *.1finance.co.in https://qa.onehub.1finance.co.in https://onehub.1finance.co.in 
https://connect.facebook.net https://facebook.com *.pagesense.io crypto-qa.indiacryptoresearch.in *.indiacryptoresearch.co.in *.onefin.app *.linkedin.com *.google.com google.co.in *.google.co.in *.clarity.ms stats.g.doubleclick.net *.zoho.com *.zohocorp.com *.pagesense.io *.salesiq.com wss://*.zohopublic.com *.vimeo.com data: *.zoho.in; frame-ancestors 'none';
X-Frame-Options (Excellent): DENY
X-Content-Type-Options (Good): nosniff
Referrer-Policy (Good): strict-origin-when-cross-origin
Permissions-Policy (Present): geolocation=(), microphone=(), camera=(), fullscreen=*, payment=()
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports