93/100
SECURITY SCORE
Certificate Information
Subject
CN=*.altudo.co
Issuer
C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Valid From
October 23, 2025
Valid Until
November 04, 2026
288 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
96:32:9F:A9:00:1D:ED:2D:3B:F5:12:74:54:E8:55:39:C5:7E:F4:79:C2:C9:97:8C:D9:42:61:06:7C:49:61:EE
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
base-uri 'self';
object-src 'none';
form-action 'self';
frame-ancestors 'self';
upgrade-insecure-requests;
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://snap.licdn.com https://px.ads.linkedin.com https://www.googleadservices.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://js.zi-scripts.com https://cdn.segment.com https://www.gstatic.com https://q.clarity.ms https://www.clarity.ms https://o.clarity.ms https://u.clarity.ms https://scripts.clarity.ms https://dc.services.visualstudio.com https://js.monitor.azure.com https://player.vimeo.com https://vimeo.com https://www.youtube.com https://youtu.be https://sc.lfeeder.com https://unpkg.com https://d35vb5cccm4xzp.cloudfront.net https://d1mj578wat5n4o.cloudfront.net https://ddwl4m2hdecbv.cloudfront.net https://cdn.cookielaw.org https://pi.pardot.com https://cdn.pardot.com https://marketing.altudo.co;
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://snap.licdn.com https://px.ads.linkedin.com https://www.googleadservices.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://js.zi-scripts.com https://cdn.segment.com https://www.gstatic.com https://q.clarity.ms https://www.clarity.ms https://o.clarity.ms https://u.clarity.ms https://scripts.clarity.ms https://dc.services.visualstudio.com https://js.monitor.azure.com https://player.vimeo.com https://vimeo.com https://www.youtube.com https://youtu.be https://sc.lfeeder.com https://unpkg.com https://d35vb5cccm4xzp.cloudfront.net https://d1mj578wat5n4o.cloudfront.net https://ddwl4m2hdecbv.cloudfront.net https://cdn.cookielaw.org https://pi.pardot.com https://cdn.pardot.com https://marketing.altudo.co;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net;
style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net;
connect-src 'self' https://altudo-marketing-prod-367860-single.azurewebsites.net https://altudo-marketing-prod-367860-single.azurewebsites.net https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://api.segment.io https://eastus-8.in.applicationinsights.azure.com https://dc.services.visualstudio.com https://api-engage.sitecorecloud.io https://ws.zoominfo.com https://api.turbohire.co https://cdn.segment.com https://altudo-privacy.my.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://q.clarity.ms https://www.clarity.ms https://o.clarity.ms https://u.clarity.ms https://*.clarity.ms https://js.zi-scripts.com https://px.ads.linkedin.com https://www.google.com https://noembed.com https://vimeo.com https://player.vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://pro.ip-api.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://*.pardot.com https://*.salesforce.com;
img-src 'self' data: blob: https: https://*.pardot.com;
font-src 'self' https://fonts.gstatic.com https://use.typekit.net data:;
frame-src https://player.vimeo.com https://www.youtube.com https://calendly.com https://www.googletagmanager.com;
media-src 'self' https: blob:;
worker-src 'self' blob:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(), microphone=()
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports