SSL Certificate Analysis for app.usersnap.com - Security Grade & TLS Configuration

Open Cached · just now

93/100 SECURITY SCORE

Certificate Information

Subject

CN=usersnap.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M04

Valid From

June 09, 2025

Valid Until

July 07, 2026 157 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

6E:ED:A9:54:56:35:E0:2D:AD:71:08:C6:FC:7B:7F:8C:9F:81:0A:47:63:16:15:36:3F:B9:A3:49:01:12:F6:35

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; script-src; connect-src; +7 more

default-src *.usersnap.com 'nonce-3796d129d20c322d2435f750575d3723'; script-src *.usersnap.com 'nonce-3796d129d20c322d2435f750575d3723' https://js.stripe.com *.facebook.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.googletagmanager.com www.google-analytics.com *.stream-io-api.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://r.wdfl.co; connect-src *.usersnap.com https://s3.eu-central-1.amazonaws.com https://api.stripe.com https://www.googleapis.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com ws: wss: https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.ingest.sentry.io https://stats.g.doubleclick.net https://formkeep.com https://api.getrewardful.com wss:; style-src *.usersnap.com 'unsafe-inline' fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.google.com; img-src *.usersnap.com blob: data: https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.comres.cloudinary.com https://intercom.help twemoji.maxcdn.com www.gravatar.com *.wp.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://i0.wp.com https://*.atlassian.net https://*.atlassian.com; media-src *.usersnap.com https://js.intercomcdn.com; font-src *.usersnap.com fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src *.usersnap.com https://js.stripe.com https://hooks.stripe.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.loom.com/; worker-src *.usersnap.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com; frame-ancestors 'self';

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

usersnap.com *.usersnap.com