Security Score: 89/100
Certificate Information
Subject: CN=superpath.io
Issuer: C=US, O=Google Trust Services, CN=WE1
Valid From: December 11, 2025
Valid Until: March 11, 2026 (57 days)
Public Key: ECDSA 256 bit (P-256), Adequate
Signature Algorithm: ECDSA-SHA256
SHA-256 Fingerprint: CF:EE:3A:D6:6B:DB:52:81:3A:E9:E9:C1:71:17:AE:0C:D3:69:AD:25:82:77:55:56:F6:1D:33:18:4D:CE:CF:51
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Strict-Transport-Security: Present (max-age=15552000; includeSubDomains)
Content-Security-Policy: Basic (default-src; img-src; media-src; +10 more)
default-src 'self'; img-src * 'unsafe-inline' 'self' data: *.foundu.com.au *.genially.com *.calendly.com https://calendly.com *.jotform.com *.jotfor.ms; media-src * https://res.cloudinary.com; font-src 'self' https://fonts.gstatic.com https://pro.fontawesome.com https://client.crisp.chat *.genially.com *.jotform.com *.jotfor.ms https://calendly.com *.calendly.com https://js.stripe.com data: https://frill-prod-app.b-cdn.net; worker-src 'self' blob: https://app.superpath.io; style-src 'self' 'unsafe-inline' https://app.superpath.io https://fonts.googleapis.com https://pro.fontawesome.com https://client.crisp.chat *.superpath.dev *.superpath.io *.mili.academy *.mili-academy.dev *.genially.com *.calendly.com *.jotform.com *.jotfor.ms https://calendly.com https://statics-view.genially.com https://widget.frill.co https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au https://thrive.wuchopperen.org.au https://skills.skinkandy.com https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au; script-src 'sha256-GvESGdHqY5vKpJeULYmOEvPfngE2Zb622GG30iiaU1U=' 'self' * 'self' 'unsafe-inline' 'unsafe-eval' https://vimeo.com https://app.superpath.io *.google-analytics.com https://client.crisp.chat https://cdn.headwayapp.co/widget.js https://cdn.jsdelivr.net/npm/[email protected]/dist/scorm-again.js https://www.googletagmanager.com https://cdn.lr-ingest.io https://js.stripe.com/v3 https://www.recaptcha.net https://res.cloudinary.com https://dev.mindsmith.ai https://app.mindsmith.ai https://*.mindsmith.ai *.superpath.dev *.superpath.io *.mili.academy *.mili-academy.dev https://sockjs-us3.pusher.com https://sockjs-ap1.pusher.com https://view.genially.com *.genially.com 
*.calendly.com https://calendly.com https://widget.frill.co *.jotform.com *.jotfor.ms https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au https://thrive.wuchopperen.org.au https://skills.skinkandy.com https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au; connect-src https://share.synthesia.io https://*.synthesia.io https://*.wistia.com https://vimeo.com https://us.i.posthog.com https://app.superpath.io https://api.superpath.io *.google-analytics.com https://www.googleapis.com https://www.google.com.au https://www.recaptcha.net ws://ws-us3.pusher.com ws://ws-ap1.pusher.com data: https://analytics.google.com https://r.lr-ingest.io https://securetoken.googleapis.com https://ipv4.icanhazip.com https://api.ipify.org https://analytics.superpath.dev https://analytics.superpath.io https://analytics.mili-academy.dev https://analytics.mili.academy https://scorm.superpath.dev https://scorm.superpath.io https://scorm.mili-academy.dev https://scorm.mili.academy wss://client.relay.crisp.chat https://client.crisp.chat https://res.cloudinary.com https://dev.mindsmith.ai https://app.mindsmith.ai https://*.mindsmith.ai *.genially.com https://calendly.com *.calendly.com *.superpath.dev *.superpath.io *.mili.academy *.mili-academy.dev https://view.genially.com https://s3.eu-west-1.amazonaws.com https://audios.genially.com https://widget.frill.co https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au https://thrive.wuchopperen.org.au https://skills.skinkandy.com 
https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au; form-action 'self'; frame-src 'self' https://js.stripe.com/ https://www.recaptcha.net https://*.zoom.us/ https://www.loom.com/ https://share.synthesia.io/ https://*.wistia.com/ https://vimeo.com/ https://player.vimeo.com https://www.youtube.com https://app.superpath.dev https://app.superpath.io https://app.mili.academy https://app.mili-academy.dev https://superpath-web-dev.firebaseapp.com https://dev.mindsmith.ai https://app.mindsmith.ai https://*.mindsmith.ai https://td.doubleclick.net/ https://view.genially.com *.genially.com https://calendly.com *.calendly.com *.superpath.io *.superpath.dev *.mili.academy *.mili-academy.dev *.synthesia.io share.synthesia.io https://upload-widget.cloudinary.com https://res.cloudinary.com https://docs.google.com https://widget.frill.co *.jotform.com *.jotfor.ms https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au https://thrive.wuchopperen.org.au https://skills.skinkandy.com https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au; frame-ancestors 'self' https://www.loom.com https://*.wistia.com https://share.synthesia.io https://*.synthesia.io https://calendly.com *.calendly.com *.jotform.com *.jotfor.ms; object-src 'none'; base-uri https://app.superpath.io https://learning.farrellventures.com.au https://learning.stockbrokers.org.au https://learn.happyhr.com https://demo.mili.academy https://academy.raisethebar.org.au https://learning.veridapt.com https://thehub.keypathedu.com.au 
https://thrive.wuchopperen.org.au https://skills.skinkandy.com https://learning.myhubintranet.com https://learning.altusgroup.com.au https://learning.carbongroup.com.au https://spark.hardiegrant.com.au https://learning.nawic.com.au https://learning.richardcrookes.com.au
X-Frame-Options: Good (SAMEORIGIN)
X-Content-Type-Options: Good (nosniff)
Referrer-Policy: Good (no-referrer)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured: any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports