84/100
SECURITY SCORE
Certificate Information
Subject
CN=*.altium.com
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M01
Valid From
January 24, 2026
Valid Until
February 22, 2027
388 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
73:6B:4C:77:55:23:F1:D2:E4:83:52:F3:BC:E4:E2:83:AF:4C:24:B6:D6:B8:1A:86:F9:B3:B4:27:53:03:5B:11
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; connect-src; font-src; +9 more
default-src 'self' altium.com *.altium.com *.altium365.com; connect-src 'self' altium.com *.altium.com *.altium365.com *.hotjar.com *.hotjar.io *.devstages.com v2.api.uberflip.com play.vidyard.com cdn.bizible.com 817-sfw-071.mktoresp.com api.segment.io api.amplitude.com bat.bing.com d.adroll.com https://*.optimizely.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com *.googleapis.com *.firebaseio.com wss://*.firebaseio.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com mc.yandex.ru *.clarity.ms https://boards-api.greenhouse.io/v1/boards/braze/departments https://boards-api.greenhouse.io/v1/boards/altium/departments https://boards-api.greenhouse.io/v1/boards/*/departments https://boards-api.greenhouse.io/v1/boards/altium/jobs https://apihub.document360.io/v1/articles/ https://apihub.document360.io/v1/projectversions/ https://cdn.cookielaw.org *.onetrust.com ajax.googleapis.com *.g.doubleclick.net *.googlesyndication.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com cdn.segment.com calendly.com c.6sc.co ipv6.6sc.co cdn.mxpnl.com assets.apollo.io px.ads.linkedin.com aplo-evnt.com api-js.mixpanel.com https://cdn.growthbook.io profile.altium365.com ws.zoominfo.com api.schedule.zoominfo.com js.zi-scripts.com *.customgpt.ai *.drift.com altium.my.salesforce-sites.com altium.my.salesforce-scrt.com *.qualified.com wss://ws4.qualified.com *.doubleclick.net *.capterra.com *.reddit.com https://www.google-analytics.com https://www.googletagmanager.com https://o406350.ingest.sentry.io/api/4504513653833728/envelope/; font-src 'self' data: altium.com *.altium.com d2ns91cgb08z5o.cloudfront.net d25n9y37pkfre9.cloudfront.net dhm5hy2vn8l0l.cloudfront.net themes.googleusercontent.com fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; frame-src 'self' altium.com *.altium.com *.hotjar.com *.doubleclick.net *.fls.doubleclick.net *.adroll.com 
http://4296759.fls.doubleclick.net *.marketo.com *.twitter.com play.vidyard.com d3l9fju211jpzs.cloudfront.net js.driftt.com www.instagram.com www.youtube.com www.google.com www.facebook.com http://altium.force.com/* http://altium.force.com https://altium.my.salesforce-sites.com https://altium-dev.os.tc *.getfeedback.com *.addtoany.com *.firebaseio.com https://vars.hotjar.com https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com https://boards.greenhouse.io/* https://Altium.drift.click calendly.com app.getreprise.com https://altium.storylane.io https://*.googletagmanager.com https://hackerone.com *.customgpt.ai *.statuspage.io https://www.surveymonkey.com/ service.force.com altium.my.site.com *.qualified.com *.reddit.com; img-src * data:; manifest-src 'self' *.altium.com *.altium365.com *.files.altium.com *.files.altium365.com; object-src 'none'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' blob: altium.com *.altium.com *.altium365.com *.adroll.com *.marketo.com *.hotjar.com *.twitter.com d2ns91cgb08z5o.cloudfront.net d3l9fju211jpzs.cloudfront.net d25n9y37pkfre9.cloudfront.net analytics.twitter.com bat.bing.com cdn.bizible.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.segment.com cdn.syndication.twimg.com cdn.amplitude.com connect.facebook.net content.cdntwrk.com dev.visualwebsiteoptimizer.com ml314.com *.ml314.com d.adroll.mgr.consensu.org js.driftt.com go.toutapp.com googleads.g.doubleclick.net munchkin.marketo.net pixel-geo.prfct.co play.vidyard.com snap.licdn.com static.addtoany.com static.ads-twitter.com tag.marinsm.com tag.bounceexchange.com www.upsellit.com www.instagram.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.google.com www.gstatic.com www.redditstatic.com www.youtube.com onesignal.com *.onesignal.com *.getfeedback.com *.firebaseio.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.clarity.ms 
mc.yandex.ru https://cdn.cookielaw.org ajax.googleapis.com assets.calendly.com js.storylane.io *.6sc.co cdn.mxpnl.com assets.apollo.io *.sf-syn.com tracking.g2crowd.com js.zi-scripts.com ws-assets.zoominfo.com schedule.zoominfo.com *.customgpt.ai *.statuspage.io widget.surveymonkey.com *.salesforceliveagent.com altium.my.salesforce.com altium.my.salesforce-sites.com static.lightning.force.com altium.my.site.com *.qualified.com *.capterra.com cdnjs.cloudflare.com go.altium.com https://cdn-shared.altium.com https://cdn.files.altium.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://play.vidyard.com https://profile.altium.com https://profile.dev1.altium.com https://profile.uat1.altium.com https://service.force.com https://static.addtoany.com https://thelebster.github.io https://unpkg.com https://www.altium.com https://www.google.com https://www.gstatic.com viewer.altium.com www.altium.com; style-src 'self' 'unsafe-inline' altium.com *.altium.com *.altium365.com *.marketo.com *.twitter.com *.twimg.com cloud.typography.com d2ns91cgb08z5o.cloudfront.net d25n9y37pkfre9.cloudfront.net onesignal.com fonts.googleapis.com www.googletagmanager.com assets.calendly.com service.force.com altium.my.salesforce-sites.com altium.my.force.com altium.my.site.com cdnjs.cloudflare.com https://cdn-shared.altium.com https://cdn.files.altium.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com www.altium.com; worker-src 'self'; base-uri 'self'; upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- Add Strict-Transport-Security header with max-age of at least 1 year
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports