SSL Certificate Analysis for alacriti.com - Security Grade & TLS Configuration

Open Cached · just now

95/100 SECURITY SCORE

Certificate Information

Subject

CN=alacriti.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M03

Valid From

August 29, 2025

Valid Until

September 27, 2026 252 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

9C:6D:55:91:8C:0B:B9:D3:26:60:7E:31:CE:B5:CF:85:E5:23:60:0B:E8:F9:99:A2:4A:4C:56:D6:FA:CE:F8:51

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; base-uri; object-src; +10 more

default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' blob: cmp.osano.com consent.api.osano.com tattle.api.osano.com disclosure.api.osano.com fast.wistia.com fast.wistia.net embed-ssl.wistia.com js.hs-scripts.com js.hs-analytics.net js.hsforms.net js.hsadspixel.net js.hs-banner.com js.usemessages.com www.googletagmanager.com script.crazyegg.com snap.licdn.com scout-cdn.salesloft.com opps-widget.getwarmly.com unpkg.com stats.wp.com browser.sentry-cdn.com js.driftt.com widget.drift.com googleads.g.doubleclick.net www.googleadservices.com js.zi-scripts.com js.static.parmonic.ai www.buzzsprout.com buzzsprout.com dyv6f9ner1ir9.cloudfront.net; script-src-elem 'self' 'unsafe-inline' blob: cmp.osano.com consent.api.osano.com tattle.api.osano.com disclosure.api.osano.com fast.wistia.com fast.wistia.net embed-ssl.wistia.com js.hs-scripts.com js.hs-analytics.net js.hsforms.net js.hsadspixel.net js.hs-banner.com js.usemessages.com www.googletagmanager.com script.crazyegg.com snap.licdn.com scout-cdn.salesloft.com opps-widget.getwarmly.com unpkg.com stats.wp.com browser.sentry-cdn.com js.driftt.com widget.drift.com googleads.g.doubleclick.net www.googleadservices.com js.zi-scripts.com js.static.parmonic.ai www.buzzsprout.com buzzsprout.com dyv6f9ner1ir9.cloudfront.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com ; img-src 'self' data: blob: www.alacriti.com alacriti.com fast.wistia.com fast.wistia.net embed-ssl.wistia.com stats.wp.com pixel.wp.com track.hubspot.com px.ads.linkedin.com forms-na1.hsforms.com googleads.g.doubleclick.net www.googleadservices.com www.google.com www.googletagmanager.com www.google-analytics.com *.media.parmonic.ai res.cloudinary.com www.linkedin.com *.buzzsprout.com www.buzzsprout.com; font-src 'self' fonts.gstatic.com data:; media-src 'self' data: blob: fast.wistia.com alacriti.wistia.com www.alacriti.com alacriti.com www.buzzsprout.com buzzsprout.com; connect-src 'self' pipedream.wistia.com distillery.wistia.com fast.wistia.com fast.wistia.net browser.sentry-cdn.com js.hs-scripts.com js.hs-analytics.net js.hsforms.net js.usemessages.com track.hubspot.com api.hubspot.com api.hubapi.com hubspot-forms-static-embed.s3.amazonaws.com www.google-analytics.com region1.google-analytics.com www.google.com maps.googleapis.com opps-api.getwarmly.com script.crazyegg.com snap.licdn.com scout-cdn.salesloft.com consent.api.osano.com tattle.api.osano.com cmp.osano.com disclosure.api.osano.com wss://opps-api.getwarmly.com *.drift.com wss://*.drift.com scout.salesloft.com px.ads.linkedin.com forms.hsforms.com forms-na1.hsforms.com tracking.crazyegg.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com js.zi-scripts.com wapi.parmonic.ai a7s.parmonic.ai *.media.parmonic.ai analytics.google.com stats.g.doubleclick.net ws.zoominfo.com static.hsappstatic.net; worker-src 'self' blob:; frame-src 'self' fast.wistia.com fast.wistia.net embed-ssl.wistia.com www.googletagmanager.com forms.hsforms.com maps.google.com www.google.com js.driftt.com widget.drift.com td.doubleclick.net app.hubspot.com alacriti889.outgrow.us *.outgrow.us outgrow.co *.buzzsprout.com buzzsprout.com; form-action 'self' https://forms.hsforms.com https://forms-na1.hsforms.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

camera=(), microphone=(), geolocation=(), interest-cohort=()

Recommendations

• Strengthen CSP by removing 'unsafe-eval'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

alacriti.com www.alacriti.com