SSL Certificate Analysis for app.bluefolder.com - Security Grade & TLS Configuration

Open Cached · just now

83/100 SECURITY SCORE

Certificate Information

Subject

CN=*.bluefolder.com

Issuer

C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2

Valid From

January 21, 2025

Valid Until

February 22, 2026 55 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

EE:21:74:50:B2:C2:3A:3B:51:2E:47:AC:5B:D9:9A:8F:6D:F0:81:BF:9B:1F:B5:D3:2B:78:FF:CC:4B:A0:E4:3B

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000

Content-Security-Policy

Basic

default-src; script-src; script-src-elem; +9 more

default-src 'self' https://bluefolder.com https://*.bluefolder.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bluefolder.com https://*.bluefolder.com https://app.getbeamer.com https://cdn.statuspage.io/ https://hostedpayments.fullsteampay.net/ https://hostedpayments-ext.fullsteampay.net/ https://static.hsappstatic.net https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.usemessages.com/ https://js.hsadspixel.net/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://maps.google.com/ https://maps.googleapis.com/ https://googleads.g.doubleclick.net/ https://cdn.mouseflow.com https://ct.capterra.com https://www.google-analytics.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://bluefolder.com https://*.bluefolder.com https://app.getbeamer.com https://cdn.statuspage.io/ https://hostedpayments.fullsteampay.net/ https://hostedpayments-ext.fullsteampay.net/ https://static.hsappstatic.net https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.usemessages.com/ https://js.hsadspixel.net/ https://js.hs-analytics.net/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://maps.google.com/ https://googleads.g.doubleclick.net/ https://cdn.mouseflow.com https://ct.capterra.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://bluefolder.com https://*.bluefolder.com https://fonts.googleapis.com/ https://app.getbeamer.com; img-src 'self' https://bluefolder.com https://*.bluefolder.com https://s3.amazonaws.com/files.bluefolder.com/* https://bfappmediastorageunc.blob.core.windows.net/ https://fonts.googleapis.com/ https://maps.google.com/ https://track.hubspot.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google.com/ https://app.getbeamer.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://lh3.ggpht.com/ https://streetviewpixels-pa.googleapis.com/ https://tools.applemediaservices.com/ https://toolbox.marketingtools.apple.com/ https://play.google.com/ data: blob:; connect-src 'self' https://bluefolder.com https://*.bluefolder.com https://backend.getbeamer.com/ https://hostedpayments.fullsteampay.net/ https://hostedpayments-ext.fullsteampay.net/ https://lw8y4z4r2600.statuspage.io/ https://realtime.getbeamer.com/ https://api.hubspot.com/ https://api.hubapi.com/ https://www.google.com/ https://maps.googleapis.com/ https://px.ads.linkedin.com/wa/; font-src 'self' https://bluefolder.com https://*.bluefolder.com https://fonts.gstatic.com/ https://fonts.googleapis.com/ data:; media-src data: blob:; object-src 'none'; frame-src https://app.getbeamer.com https://meetings.hubspot.com/ https://app.hubspot.com/ https://hostedpayments.fullsteampay.net/ https://hostedpayments-ext.fullsteampay.net/ https://www.googletagmanager.com/; report-to https://app.bluefolder.com/cspreport; report-uri https://app.bluefolder.com/cspreport;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

bluefolder.com *.bluefolder.com