SSL Certificate Analysis for app.lemlist.com - Security Grade & TLS Configuration

Open Cached · just now

83/100 SECURITY SCORE

Certificate Information

Subject

CN=lemlist.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

November 16, 2025

Valid Until

February 14, 2026 26 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

93:8D:72:24:7B:EA:00:F7:A4:BC:49:52:9C:9C:92:6D:7C:87:1E:C7:9C:C8:4C:33:44:27:07:35:BC:25:14:4C

Alternative Names

3 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000;

Content-Security-Policy

Basic

default-src; script-src; connect-src; +5 more

default-src 'self' blob: https://auth.lempire.com https://app.lemlist.com https://app.lemwarm.com https://app.lemcal.com https://app.lemgod.com https://*.rudderlabs.com https://*.cloudfront.net/v6/bugsnag.min.js https://*.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://static.ads-twitter.com http://*.google-analytics.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://js.stripe.com https://*.lemlist.com https://*.crisp.chat https://*.drift.com https://*.driftt.com https://*.driftqa.com https://*.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.facebook.net https://*.youtube.com https://youtube.com https://*.youtu.be https://youtu.be https://*.ytimg.com https://*.vimeo.com https://*.loom.com https://*.jquery.com https://*.amazonaws.com https://*.calendly.com https://calendly.com https://*.hubspot.com https://*.hsappstatic.net https://*.vidyard.com https://*.wistia.com https://*.outreach.io https://*.typeform.com https://*.salesforce.com https://zapier.com https://*.zapier.com https://*.linkedin.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.hs-analytics.net https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://*.twitter.com https://*.lemcal.com https://lemcal.webflow.io https://media.licdn.com https://senja-assets.b-cdn.net https://*.senja.io https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/hls.js@1 https://app.supademo.com https://*.clarity.ms https://embed.typeform.com https://dms.licdn.com https://*.hubspoteditor.com https://*.r2.cloudflarestorage.com https://*.verisoul.ai https://*.lightning.force.com https://*.my.salesforce.com https://*.visual.force.com https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://*.default.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://auth.lempire.com https://app.lemlist.com https://app.lemwarm.com https://app.lemcal.com https://app.lemgod.com https://*.rudderlabs.com https://*.cloudfront.net/v6/bugsnag.min.js https://*.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://static.ads-twitter.com http://*.google-analytics.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://js.stripe.com https://*.lemlist.com https://*.crisp.chat https://*.drift.com https://*.driftt.com https://*.driftqa.com https://*.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.facebook.net https://*.youtube.com https://youtube.com https://*.youtu.be https://youtu.be https://*.ytimg.com https://*.vimeo.com https://*.loom.com https://*.jquery.com https://*.amazonaws.com https://*.calendly.com https://calendly.com https://*.hubspot.com https://*.hsappstatic.net https://*.vidyard.com https://*.wistia.com https://*.outreach.io https://*.typeform.com https://*.salesforce.com https://zapier.com https://*.zapier.com https://*.linkedin.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.hs-analytics.net https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://*.twitter.com https://*.lemcal.com https://lemcal.webflow.io https://media.licdn.com https://senja-assets.b-cdn.net https://*.senja.io https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/hls.js@1 https://app.supademo.com https://*.clarity.ms https://embed.typeform.com https://dms.licdn.com https://*.hubspoteditor.com https://*.r2.cloudflarestorage.com https://*.verisoul.ai https://*.lightning.force.com https://*.my.salesforce.com https://*.visual.force.com https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://*.default.com https://*.usejimo.com https://*.usesjimo.com https://bat.bing.com; connect-src * 'self' blob: https://auth.lempire.com https://app.lemlist.com https://app.lemwarm.com https://app.lemcal.com https://app.lemgod.com https://*.rudderlabs.com https://*.cloudfront.net/v6/bugsnag.min.js https://*.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://static.ads-twitter.com http://*.google-analytics.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://js.stripe.com https://*.lemlist.com https://*.crisp.chat https://*.drift.com https://*.driftt.com https://*.driftqa.com https://*.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.facebook.net https://*.youtube.com https://youtube.com https://*.youtu.be https://youtu.be https://*.ytimg.com https://*.vimeo.com https://*.loom.com https://*.jquery.com https://*.amazonaws.com https://*.calendly.com https://calendly.com https://*.hubspot.com https://*.hsappstatic.net https://*.vidyard.com https://*.wistia.com https://*.outreach.io https://*.typeform.com https://*.salesforce.com https://zapier.com https://*.zapier.com https://*.linkedin.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.hs-analytics.net https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://*.twitter.com https://*.lemcal.com https://lemcal.webflow.io https://media.licdn.com https://senja-assets.b-cdn.net https://*.senja.io https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/hls.js@1 https://app.supademo.com https://*.clarity.ms https://embed.typeform.com https://dms.licdn.com https://*.hubspoteditor.com https://*.r2.cloudflarestorage.com https://*.verisoul.ai https://*.lightning.force.com https://*.my.salesforce.com https://*.visual.force.com https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://*.default.com wss://*.verisoul.ai; img-src data: 'self' blob: http://* https://* https://auth.lempire.com https://app.lemlist.com https://app.lemwarm.com https://app.lemcal.com https://app.lemgod.com https://*.rudderlabs.com https://*.cloudfront.net/v6/bugsnag.min.js https://*.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://static.ads-twitter.com http://*.google-analytics.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://js.stripe.com https://*.lemlist.com https://*.crisp.chat https://*.drift.com https://*.driftt.com https://*.driftqa.com https://*.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.facebook.net https://*.youtube.com https://youtube.com https://*.youtu.be https://youtu.be https://*.ytimg.com https://*.vimeo.com https://*.loom.com https://*.jquery.com https://*.amazonaws.com https://*.calendly.com https://calendly.com https://*.hubspot.com https://*.hsappstatic.net https://*.vidyard.com https://*.wistia.com https://*.outreach.io https://*.typeform.com https://*.salesforce.com https://zapier.com https://*.zapier.com https://*.linkedin.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.hs-analytics.net https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://*.twitter.com https://*.lemcal.com https://lemcal.webflow.io https://media.licdn.com https://senja-assets.b-cdn.net https://*.senja.io https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/hls.js@1 https://app.supademo.com https://*.clarity.ms https://embed.typeform.com https://dms.licdn.com https://*.hubspoteditor.com https://*.r2.cloudflarestorage.com https://*.verisoul.ai https://*.lightning.force.com https://*.my.salesforce.com https://*.visual.force.com https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://*.default.com; style-src 'self' 'unsafe-inline' blob: https://auth.lempire.com https://app.lemlist.com https://app.lemwarm.com https://app.lemcal.com https://app.lemgod.com https://*.rudderlabs.com https://*.cloudfront.net/v6/bugsnag.min.js https://*.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://static.ads-twitter.com http://*.google-analytics.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://js.stripe.com https://*.lemlist.com https://*.crisp.chat https://*.drift.com https://*.driftt.com https://*.driftqa.com https://*.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.facebook.net https://*.youtube.com https://youtube.com https://*.youtu.be https://youtu.be https://*.ytimg.com https://*.vimeo.com https://*.loom.com https://*.jquery.com https://*.amazonaws.com https://*.calendly.com https://calendly.com https://*.hubspot.com https://*.hsappstatic.net https://*.vidyard.com https://*.wistia.com https://*.outreach.io https://*.typeform.com https://*.salesforce.com https://zapier.com https://*.zapier.com https://*.linkedin.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.hs-analytics.net https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://*.twitter.com https://*.lemcal.com https://lemcal.webflow.io https://media.licdn.com https://senja-assets.b-cdn.net https://*.senja.io https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/hls.js@1 https://app.supademo.com https://*.clarity.ms https://embed.typeform.com https://dms.licdn.com https://*.hubspoteditor.com https://*.r2.cloudflarestorage.com https://*.verisoul.ai https://*.lightning.force.com https://*.my.salesforce.com https://*.visual.force.com https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://*.default.com; font-src 'self' blob: data: https://auth.lempire.com https://app.lemlist.com https://app.lemwarm.com https://app.lemcal.com https://app.lemgod.com https://*.rudderlabs.com https://*.cloudfront.net/v6/bugsnag.min.js https://*.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://static.ads-twitter.com http://*.google-analytics.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://js.stripe.com https://*.lemlist.com https://*.crisp.chat https://*.drift.com https://*.driftt.com https://*.driftqa.com https://*.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.facebook.net https://*.youtube.com https://youtube.com https://*.youtu.be https://youtu.be https://*.ytimg.com https://*.vimeo.com https://*.loom.com https://*.jquery.com https://*.amazonaws.com https://*.calendly.com https://calendly.com https://*.hubspot.com https://*.hsappstatic.net https://*.vidyard.com https://*.wistia.com https://*.outreach.io https://*.typeform.com https://*.salesforce.com https://zapier.com https://*.zapier.com https://*.linkedin.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.hs-analytics.net https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://*.twitter.com https://*.lemcal.com https://lemcal.webflow.io https://media.licdn.com https://senja-assets.b-cdn.net https://*.senja.io https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/hls.js@1 https://app.supademo.com https://*.clarity.ms https://embed.typeform.com https://dms.licdn.com https://*.hubspoteditor.com https://*.r2.cloudflarestorage.com https://*.verisoul.ai https://*.lightning.force.com https://*.my.salesforce.com https://*.visual.force.com https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://*.default.com; frame-ancestors 'self' blob: chrome-extension: https://*.hubspoteditor.com https://auth.lempire.com https://app.lemlist.com https://app.lemwarm.com https://app.lemcal.com https://app.lemgod.com https://*.rudderlabs.com https://*.cloudfront.net/v6/bugsnag.min.js https://*.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://static.ads-twitter.com http://*.google-analytics.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://js.stripe.com https://*.lemlist.com https://*.crisp.chat https://*.drift.com https://*.driftt.com https://*.driftqa.com https://*.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.facebook.net https://*.youtube.com https://youtube.com https://*.youtu.be https://youtu.be https://*.ytimg.com https://*.vimeo.com https://*.loom.com https://*.jquery.com https://*.amazonaws.com https://*.calendly.com https://calendly.com https://*.hubspot.com https://*.hsappstatic.net https://*.vidyard.com https://*.wistia.com https://*.outreach.io https://*.typeform.com https://*.salesforce.com https://zapier.com https://*.zapier.com https://*.linkedin.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.hs-analytics.net https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://*.twitter.com https://*.lemcal.com https://lemcal.webflow.io https://media.licdn.com https://senja-assets.b-cdn.net https://*.senja.io https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/hls.js@1 https://app.supademo.com https://*.clarity.ms https://embed.typeform.com https://dms.licdn.com https://*.r2.cloudflarestorage.com https://*.verisoul.ai https://*.lightning.force.com https://*.my.salesforce.com https://*.visual.force.com https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://*.default.com; frame-src 'self' blob: https://auth.lempire.com https://app.lemlist.com https://app.lemwarm.com https://app.lemcal.com https://app.lemgod.com https://*.rudderlabs.com https://*.cloudfront.net/v6/bugsnag.min.js https://*.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://static.ads-twitter.com http://*.google-analytics.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://js.stripe.com https://*.lemlist.com https://*.crisp.chat https://*.drift.com https://*.driftt.com https://*.driftqa.com https://*.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.facebook.net https://*.youtube.com https://youtube.com https://*.youtu.be https://youtu.be https://*.ytimg.com https://*.vimeo.com https://*.loom.com https://*.jquery.com https://*.amazonaws.com https://*.calendly.com https://calendly.com https://*.hubspot.com https://*.hsappstatic.net https://*.vidyard.com https://*.wistia.com https://*.outreach.io https://*.typeform.com https://*.salesforce.com https://zapier.com https://*.zapier.com https://*.linkedin.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.hs-analytics.net https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://*.twitter.com https://*.lemcal.com https://lemcal.webflow.io https://media.licdn.com https://senja-assets.b-cdn.net https://*.senja.io https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/hls.js@1 https://app.supademo.com https://*.clarity.ms https://embed.typeform.com https://dms.licdn.com https://*.hubspoteditor.com https://*.r2.cloudflarestorage.com https://*.verisoul.ai https://*.lightning.force.com https://*.my.salesforce.com https://*.visual.force.com https://cdn.jsdelivr.net/npm/react-scan/dist/auto.global.js https://*.default.com https://*.usejimo.com https://*.usesjimo.com https://*.aircall.io https://*.ringover.com https://*.justcall.io https://www.g2.com https://compliance-embed-poc-2156-dev.twil.io;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

3 domains

lemlist.com *.lemlist.com www.lemlist.com