92/100
SECURITY SCORE
Certificate Information
Subject
C=GB, ST=London, O=Pearson PLC, CN=app.workforce.pearson.com
Issuer
C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV R36
Valid From
September 21, 2025
Valid Until
September 21, 2026
224 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
EB:6B:4D:C5:32:E0:91:23:B5:3D:46:12:44:65:D0:E8:24:74:79:8B:21:94:1C:E7:61:15:1A:0B:11:8C:ED:FC
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; img-src; +11 more
default-src https: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typekit.net cdn.cookielaw.org *.hotjar.com script.hotjar.com vars.hotjar.com static.hotjar.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-6249370541096960.storage.googleapis.com data.pendo.io cdn.segment.com cdnjs.cloudflare.com *.faethm.ai; img-src 'self' cdn.cookielaw.org *.faethm.ai https://*.hubspotusercontent-na1.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io cdn.pendo.io app.pendo.io pendo-static-6249370541096960.storage.googleapis.com data.pendo.io blob: data:; base-uri 'self'; form-action 'self'; object-src 'none'; frame-ancestors app.pendo.io; worker-src https: blob: 'self'; child-src 'self' auth.faethm.ai script.hotjar.com vars.hotjar.com static.hotjar.com app.pendo.io blob:; report-uri https://faethm.report-uri.com/r/d/csp/enforce; report-to default; style-src 'self' 'unsafe-inline' cdn.cookielaw.org script.hotjar.com vars.hotjar.com static.hotjar.com app.pendo.io cdn.pendo.io *.faethm.ai pendo-static-6249370541096960.storage.googleapis.com cdnjs.cloudflare.com; connect-src https://noembed.com *.credly.com *.vimeo.com *.youtube.com *.workforce-dev.pearsondev.tech *.workforce-non.pearsondev.tech *.workforce.pearsonprd.tech *.pearson.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com browser-intake-datadoghq.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://ws1.hotjar.com/api/v2/client/ws in.hotjar.com api.rollbar.com open.mapquestapi.com *.mapbox.com *.faethm.ai app.pendo.io data.pendo.io pendo-static-6249370541096960.storage.googleapis.com cdn.optimizely.com cdn.segment.com api.segment.io script.hotjar.com vars.hotjar.com static.hotjar.com *.hotjar.com; font-src 'self' *.faethm.ai
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding an 'iodef' record to receive security incident reports