SSL Certificate Analysis for alpha.transect.com - Security Grade & TLS Configuration

Open Cached · just now

90/100 SECURITY SCORE

Certificate Information

Subject

CN=transect.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

November 12, 2025

Valid Until

February 10, 2026 65 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

05:B7:AE:D4:AB:77:CA:53:5E:64:31:5C:A8:B3:0A:89:EE:EA:79:88:16:76:C8:A2:AF:83:EA:F6:82:1C:EE:CD

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; base-uri; connect-src; +9 more

default-src 'self' https://app.transect.com * data: blob:; base-uri 'self';connect-src 'self' wss://*.intercom.io https://*.intercom.io https://challenges.cloudflare.com https://www.google.com https://www.google.com.qa https://*.hs-analytics.net https://*.googletagmanager.com https://track.hubspot.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.newrelic.com http://localhost:3000 https://*.hs-banner.com https://*.hubspot.com https://*.stripe.com https://*.hotjar.com https://*.hotjar.io https://csp-reporting.cloudflare.com https://wildlife.ca.gov https://js.hsleadflows.net https://region1.analytics.google.com https://*.arcgis.com https://i.imgflip.com https://*.gstatic.com wss://ws.hotjar.com https://*.storage.googleapis.com https://cdn.pendo.io https://app.pendo.io https://clientstream.launchdarkly.com https://*.fontawesome.com https://cdn.loom.com https://*.doubleclick.net https://data.pendo.io https://*.nationalmap.gov https://*.cenhud.com https://js.hsadspixel.net https://*.google-analytics.com https://server.arcgisonline.com https://*.fema.gov https://*.tplgis.org https://*.epa.gov https://events.mapbox.com https://fwsprimary.wim.usgs.gov https://js.usemessages.com https://storage.googleapis.com https://bam.nr-data.net https://bam-cell.nr-data.net https://kit.fontawesome.com https://*.mapbox.com https://cdn.segment.com https://*.pusher.com https://*.transect.com https://cdn-global.configcat.com https://*.rollbar.com data: 'unsafe-eval' https://js.stripe.com https://www.googletagmanager.com https://cdn.pendo.io https://analytics.google.com https://fonts.gstatic.com https://script.hotjar.com https://alpha-api-923914648498.us-central1.run.app wss://ws-us2.pusher.com https://performance.radar.cloudflare.com https://fonts.googleapis.com https://js-agent.newrelic.com https://api.segment.io https://gis.blm.gov https://js.hs-scripts.com https://api.hubapi.com https://js.hubspotfeedback.com https://perf-na1.hsforms.com; font-src 'self' https: data: https://*.googleapis.com; form-action 'self' https://*.hubspot.com https://www.facebook.com; frame-ancestors 'self' https://*.transect.com; img-src 'self' https://*.googleusercontent.com https://app.pendo.io https://data.pendo.io https://*.pendo.io https://*.hubspot.com https://*.google.com https://*.facebook.com https://*.google-analytics.com https://*.gstatic.com https://media.transect.com https://*.hotjar.com https://transect-assets.s3.amazonaws.com https://*.transect.com data: blob: https://storage.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-eval' blob: https://*.storage.googleapis.com https://*.intercomcdn.com https://cdn.pendo.io https://data.pendo.io https://*.intercom.io https://app.pendo.io https://*.hubspot.com https://*.usemessages.com https://*.hsadspixel.net https://*.hsleadflows.net https://*.hs-banner.com https://*.hs-scripts.com https://*.mapbox.com https://*.hubspotfeedback.com https://*.doubleclick.net https://*.hs-analytics.net https://*.stripe.com https://*.pendo.io https://*.hotjar.com https://cdnjs.cloudflare.com https://*.segment.com https://js-agent.newrelic.com https://*.transect.com 'unsafe-inline' https://www.googletagmanager.com https://kit.fontawesome.com https://kit.fontawesome.com/5ceed8865f.js;script-src-attr 'unsafe-inline'; style-src 'self' https://*.googleapis.com https://app.pendo.io https://*.hotjar.com https://*.hubspot.com https://kit.fontawesome.com https://cdn.jsdelivr.net https://js-agent.newrelic.com 'unsafe-inline';frame-src https://app.pendo.io https://app.hubspot.com https://*.transect.com https://storage.googleapis.com

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Present

geolocation=(self https://api.mapbox.com)

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

transect.com *.transect.com