SSL Certificate Analysis for answerforce.co.uk - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=answerforce.co.uk

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

January 06, 2026

Valid Until

April 06, 2026 79 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

A8:57:94:02:FC:EE:67:60:CC:42:40:71:D2:16:60:8C:2B:2A:9C:48:06:E0:FC:46:D5:7F:89:8F:4C:1C:65:CD

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; sandbox; +12 more

upgrade-insecure-requests; default-src 'self'; sandbox allow-popups allow-scripts allow-same-origin allow-forms allow-presentation allow-popups-to-escape-sandbox; frame-ancestors 'none'; form-action https://www.facebook.com/tr/; base-uri 'self'; report-uri 'none';img-src 'self' https://assets.answerforce.com/ https://storage.googleapis.com/answerforce/anfo-v2/icon-checkmark-green.svg https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://www.google.com/pagead/1p-user-list/ https://www.googletagmanager.com/ https://www.google.co.in/pagead/ https://p.adsymptotic.com/d/ https://www.google.co.in/ads/ https://www.google.com/ads/ https://d.adroll.com/ https://dsum-sec.casalemedia.com/ https://pixel.advertising.com/ https://pixel.rubiconproject.com/ https://sync.outbrain.com/ https://simage2.pubmatic.com/ https://sync.taboola.com/ https://*.chatsupport.co https://eb2.3lift.com/ https://ads.yahoo.com/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://idsync.rlcdn.com/ https://us-u.openx.net/ https://ups.analytics.yahoo.com/ https://www.facebook.com/tr/ https://ds.reson8.com/ https://segments.company-target.com/ https: data: ;script-src 'self' 'unsafe-inline' 'nonce-2a95f589d5b8445fb4548ea2691a2696' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://unpkg.com/wavesurfer.js https://storage.googleapis.com/clientaccess/registration/ https://assets.answerforce.com/common/js/ https://ipinfo.io/ https://unpkg.com/[email protected]/dist/aos.js https://www.googletagmanager.com/gtm.js https://static.hotjar.com/c/ https://signup.staging.answerforce.com https://signup.answerforce.com https://script.hotjar.com/ https://d.adroll.mgr.consensu.org/consent/ https://s.adroll.com/j/ https://script.hotjar.com/ https://d.adroll.mgr.consensu.org/ https://d.adroll.com/consent/check/ https://www.google-analytics.com/analytics.js https://d.adroll.com/ https://*.smartlook.com https://*.smartlook.cloud https://connect.facebook.net/ https://app.anywherehelp.io/api/client/ https://www.clickcease.com/monitor/stat.js https://app.chatsupport.co/api/client/get/script/ https://*.chatsupport.co blob: https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ ;style-src 'self' 'unsafe-inline' https: ;font-src 'self' data: https://use.typekit.net https://storage.googleapis.com/livesupport/chat/fonts/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/ ;connect-src 'self' https://o151188.ingest.us.sentry.io/ https://stats.g.doubleclick.net/ https://in.hotjar.com/api/v2/client/sites/ https://manager.eu.smartlook.cloud/rec/ https://o151188.ingest.sentry.io https://*.google-analytics.com/ https://assets-proxy.smartlook.cloud/ https://events-writer.smartlook.com/ https://web-writer.sg.smartlook.cloud/ https://*.smartlook.com https://*.smartlook.cloud https://vc.hotjar.io/sessions/ https://api.chatsupport.co wss://rtmserver.anywhereworks.com/ https://signup.answerforce.com https://signup.staging.answerforce.com https://ipinfo.io https://*.hotjar.com wss://*.hotjar.com https://storage.staging.answerforce.com/app https://storage.answerforce.com/app https://storage.googleapis.com/stag-fullstorage https://storage.googleapis.com/fullstorage wss://rtmserver.anywhereworks.com/ wss://stagingrtm.anywhereworks.com https://*.chatsupport.co https://www.googletagmanager.com/ ;media-src 'self' https://storage.googleapis.com/livesupport/ https://*.chatsupport.co ;frame-src 'self' https://www.googletagmanager.com/ https://www.youtube.com/ https://vars.hotjar.com/ https://bid.g.doubleclick.net/ https://*.setmore.com ;object-src 'self' ;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

answerforce.co.uk