SSL Certificate Analysis for 71.248.107.34.bc.googleusercontent.com - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for www.avo.app, not for 71.248.107.34.bc.googleusercontent.com

Open Cached · just now

95/100 SECURITY SCORE

Certificate Information

Subject

CN=www.avo.app

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

December 02, 2025

Valid Until

March 03, 2026 89 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

62:46:47:17:92:54:66:D2:61:B2:B5:C8:95:F6:4A:DA:B4:A9:2C:3F:CA:6D:D6:15:1D:E1:54:96:37:F3:F7:EC

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31556926; includeSubDomains; preload

Content-Security-Policy

Good

base-uri; default-src; script-src; +10 more

base-uri https://*.avo.app; default-src 'self'; script-src 'self' 'nonce-lcRnqB4PCebD3Qdh60pmKyNK2auDl3zR' 'strict-dynamic' https://cdn.avo.app https://www.googletagmanager.com https://*.googletagmanager.com https://cdn.segment.com https://*.mxpnl.com https://edge.fullstory.com https://rs.fullstory.com https://cdn.amplitude.com https://cdn.iubenda.com https://widget.intercom.io https://cdn.jsdelivr.net https://canny.io https://js.intercomcdn.com https://www.iubenda.com https://www.youtube.com https://s.ytimg.com https://ajax.googleapis.com https://www.google-analytics.com https://optimize.google.com https://grow.clearbitjs.com https://www.googleoptimize.com https://snap.licdn.com https://www.googleanalytics.com https://embed.typeform.com; style-src 'self' 'unsafe-inline' https://cdn.avo.app https://*.website-files.com https://uploads-ssl.webflow.com https://cdn.jsdelivr.net https://www.iubenda.com https://fonts.googleapis.com https://optimize.google.com https://github.githubassets.com https://www.googletagmanager.com https://embed.typeform.com https://rsms.me; img-src 'self' data: blob: https://jitpack.io/v/avohq/android-avo-inspector.svg https://badge.fury.io/js/avo-inspector.svg https://img.shields.io https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.linkedin.com https://*.website-files.com https://uploads-ssl.webflow.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://heapanalytics.com https://www.google.co.uk https://www.google.is https://static.intercomassets.com https://lh3.googleusercontent.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://api.producthunt.com https://www.facebook.com https://grow.clearbitjs.com https://p.adsymptotic.com https://rs.fullstory.com https://track.hubspot.com https://forms.hsforms.com https://*.hubspotusercontent-na1.net https://js.hsleadflows.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; font-src 'self' data: https://*.website-files.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://rsms.me https://uploads-ssl.webflow.com https://cdn.avo.app; connect-src 'self' https://*.mixpanel.com https://*.iubenda.com https://avo-web-app.appspot.com https://api.avo.app https://api.amplitude.com https://*.algolia.net https://api.segment.io https://cdn.segment.com https://edge.fullstory.com https://rs.fullstory.com https://*.googleapis.com *.google.com https://sentry.io https://*.ingest.sentry.io https://api-iam.intercom.io https://uploads.intercomcdn.com wss://*.intercom.io https://*.intercom.io https://*.intercomcdn.com https://api.mixpanel.com https://heapanalytics.com https://www.google-analytics.com https://canny.io/api/ https://api.canny.io/ https://webflow.com https://cdn.dreamdata.cloud https://*.posthog.com/ https://app.clearbit.com/v1/ https://forms.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://forms.hscollectedforms.net https://cdn.linkedin.oribi.io https://gtm-wgcclnd-n2zkm.uc.r.appspot.com https://*.google-analytics.com https://*.googletagmanager.com https://*.dopt.com wss://*.dopt.com https://*.gstatic.com https://platform.adobe.io https://px.ads.linkedin.com data: blob:; media-src https://js.intercomcdn.com https://cdn.avo.app https://www.avo.app https://*.website-files.com; object-src 'none'; frame-src https://www.avo.app https://*.iubenda.com https://js.stripe.com https://www.youtube.com https://canny.io https://changelog-widget.canny.io https://optimize.google.com https://share.transistor.fm https://intercom-sheets.com https://forms.hubspot.com https://my.causal.app https://form.typeform.com https://cdn.embedly.com https://www.googletagmanager.com https://www.loom.com; frame-ancestors 'self' http://localhost:1235/ http://avo.localhost https://*.avo-dev.app/ https://*.avo.app/ https://*.mixpanel.com https://consent.iubenda.com https://avo-web-app.appspot.com https://api.avo.app https://api.amplitude.com https://*.algolia.net https://api.segment.io https://cdn.segment.com https://*.fullstory.com https://www.googleapis.com https://firestore.googleapis.com https://firebaselogging.googleapis.com https://firebaseremoteconfig.googleapis.com https://firebaseinstallations.googleapis.com https://sentry.io https://*.ingest.sentry.io https://api-iam.intercom.io https://uploads.intercomcdn.com wss://*.intercom.io https://*.intercom.io https://*.intercomcdn.com https://securetoken.googleapis.com https://api.mixpanel.com https://heapanalytics.com https://firebasestorage.googleapis.com https://www.google-analytics.com https://hits-i.iubenda.com https://canny.io/api/users/identify https://webflow.com https://cdn.dreamdata.cloud https://firebaselogging-pa.googleapis.com/ https://*.posthog.com/; upgrade-insecure-requests; report-uri https://o998558.ingest.sentry.io/api/5957408/security/?sentry_key=1866be293d8e4d708c3551795e7aeea8

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()

Recommendations

• Strengthen CSP by removing 'unsafe-eval'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain