SSL Certificate Analysis for api.bizzabo.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=bizzabo.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

November 25, 2025

Valid Until

February 23, 2026 38 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

29:E7:3E:75:85:FE:E6:6B:F1:8E:F0:B1:32:9B:6E:23:FE:67:68:55:E4:4F:E2:E9:6E:4C:90:33:E7:9F:1A:7D

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; img-src; +7 more

default-src 'self' *.bizzabo.com *.ext.dev.bizzabo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: * *.bizzabo.com *.ext.dev.bizzabo.com *.algolianet.com https://www.google-analytics.com https://assets.zendesk.com https://static.zdassets.com https://eum.instana.io https://cdnjs.cloudflare.com https://cdn.mxpnl.com https://web-sdk.aptrinsic.com https://www.fullstory.com https://assets.zendesk.com https://widget.intercom.io https://widget.cloudinary.com https://js.intercomcdn.com https://widget-mediator.zopim.com *.twitter.com https://api.filepicker.io https://fast.wistia.net https://js.stripe.com https://dme0ih8comzn4.cloudfront.net https://ssl.google-analytics.com https://www.google.com https://maps.googleapis.com https://api.rollbar.com https://core.spreedly.com https://www.googletagmanager.com https://js.hs-analytics.net *.facebook.net *.facebook.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://s.adroll.com https://cdn.transifex.com https://cdn.mxpnl.com; img-src 'self' data: blob: * *.bizzabo.com *.ext.dev.bizzabo.com https://www.google-analytics.com https://assets.zendesk.com https://res.cloudinary.com https://stats.g.doubleclick.net https://s3.amazonaws.com https://q.stripe.com https://platform.slack-edge.com https://maps.gstatic.com https://maps.googleapis.com https://media.licdn.com https://logo.clearbit.com https://storage.googleapis.com https://web-sdk.aptrinsic.com/; style-src 'self' data: 'unsafe-inline' 'unsafe-eval' * *.bizzabo.com *.ext.dev.bizzabo.com https://fonts.googleapis.com https://assets.zendesk.com https://web-sdk.aptrinsic.com https://fast.fonts.net https://s3.amazonaws.com; font-src 'self' data: * *.bizzabo.com *.ext.dev.bizzabo.com https://fonts.googleapis.com https://fonts.gstatic.com https://web-sdk.aptrinsic.com https://js.intercomcdn.com; frame-src 'self' data: KalturaWebcast: kalturawebcast: * *.cloudfront.net *.bizzabo.com *.ext.dev.bizzabo.com https://assets.zendesk.com https://dialog.filepicker.io https://www.filepicker.io https://looker.bizzabo.com https://bizzabo.api.looker.com https://www.google.com https://fast.wistia.net https://js.stripe.com https://widget.cloudinary.com https://core.spreedly.com https://www.googletagmanager.com; connect-src 'self' * *.bizzabo.com *.ext.dev.bizzabo.com https://*.algolia.net *.algolianet.com wss://*.ext.dev.bizzabo.com wss://realtime.bizzabo.com wss://nexus-websocket-a.intercom.io wss://widget-mediator.zopim.com https://s3.amazonaws.com https://rs.fullstory.com https://esp.aptrinsic.com https://api-iam.intercom.io https://eum-eu-west-1.instana.io https://ekr.zdassets.com https://api.mixpanel.com https://bizzabo.zendesk.com https://api.rollbar.com https://www.filepicker.io https://*.agora.io https://*.edge.agora.io https://*.sd-rtn.com https://*.edge.sd-rtn.com https://*.ap.sd-rtn.com https://*.statscollector.sd-rtn.com wss://*.agora.io wss://*.sd-rtn.com wss://*.ap.sd-rtn.com wss://*.statscollector.sd-rtn.com wss://*.edge.agora.io wss://*.edge.sd-rtn.com https://webrtc-cloud-proxy.sd-rtn.com wss://webrtc-cloud-proxy.sd-rtn.com; media-src 'self' blob: * *.bizzabo.com *.ext.dev.bizzabo.com https://static.zdassets.com https://media.licdn.com https://s3.amazonaws.com; object-src 'self' * https://res.cloudinary.com; child-src 'self' *.bizzabo.com *.ext.dev.bizzabo.com blob:

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

bizzabo.com *.bizzabo.com