SSL Certificate Analysis for apps.powerapps.com - Security Grade & TLS Configuration

Open Cached · just now

88/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=apps.powerapps.com

Issuer

C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 04

Valid From

November 28, 2025

Valid Until

May 27, 2026 175 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA384-RSA

SHA-256 Fingerprint

47:E1:C5:F1:F6:46:32:7D:A6:FC:ED:C2:32:37:03:D5:67:A2:B8:26:8E:CD:E2:57:2F:F8:BE:EA:7C:6F:4B:B9

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

script-src; default-src; manifest-src; +12 more

script-src 'self' blob: 'unsafe-eval' https://*.azure.com https://*.cdn.office.net https://*.content.powerapps.com https://*.microsoft.com https://*.msftauth.net https://*.office365.com https://*.powerapps.com https://*.static.powerapps.com https://login.microsoftonline.com https://make.gov.powerapps.us https://make.powerapps.com https://www.youtube.com 'sha256-Kud9kMnT/4fURex4Sxr6LYdFWbtn3LR2WDHyFuapvvw=' 'sha256-HJxn72LTLJMPGsE+oNGolGTmMzipPKn6pEgaGJHBVeA=' 'sha256-TzAKBNrCD08tRbm6oayC58+C6sbdHMcTzyJhGOCrVU8=' 'sha256-Y8ROvxe2EtM+CP6juXdpZrzRfG2REm4jAfvSebn7pGU='; default-src 'self' https://*.content.powerapps.com https://*.static.powerapps.com https://content.powerapps.com https://static.powerapps.com; manifest-src 'self' https://*.powerapps.com https://make.powerapps.com https://*.dynamics.com; img-src 'self' blob: data: *; base-uri 'self'; frame-ancestors 'self' https://*.azure.com https://*.dynamics.com https://*.microsoft.com https://*.office.com https://*.powerapps.com https://*.powerappsportals.com https://*.powerautomate.com https://*.powerbi.com https://*.powerplatform.com https://*.powerva.microsoft.com https://*.sharepoint.com https://*.spoppe.com https://copilotstudio.microsoft.com https://teams.cloud.microsoft https://teams.microsoft.com https://*.cloud.microsoft; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://vsa.services.microsoft.com https://*.services.microsoft.com; font-src 'self' https://*.cdn.office.net https://*.content.powerapps.com https://*.microsoft.com https://*.sharepointonline.com https://*.static.powerapps.com https://content.powerapps.com https://fonts.gstatic.com https://static.powerapps.com https://use.typekit.net/ https://vsa.services.microsoft.com data:; worker-src 'self' blob:; media-src 'none'; object-src 'none'; form-action https://*.dynamics.com https://*.mcas.ms; frame-src https://*.access.mcas.ms https://*.ces.microsoftcloud.com https://*.dynamics.com https://*.microsoft.com https://*.msidentity.com https://*.office.com https://*.powerapps.com https://*.powerautomate.com https://*.powerbi.com https://*.sharepoint.com https://*.windows.net https://amcdn.msftauth.net https://login.microsoftonline.com https://make.gov.powerapps.us https://microsoft.onmicrosoft-com.access.mcas.ms https://www.yammer.com https://www.youtube.com https://yammer.com https://athena-ui-prod.trafficmanager.net https://*.vo.msecnd.net; connect-src 'self' blob: data: https://*.azure-apihub.net https://*.azure-api.net https://*.azure-apim.net https://*.azure.com https://*.blob.core.windows.net https://*.botframework.com https://*.cdn.office.net https://*.clarity.ms https://*.cloud.microsoft https://*.crm.dynamics.com https://*.dynamics.com https://*.live.com https://*.microsoft.com https://*.microsoftcloud.com https://*.msedge.net https://*.msn.com https://*.office.com https://*.office365.com https://*.officeppe.com https://*.powerapps.com https://*.powerplatform.com https://*.skype.com https://*.skype.net https://*.web.core.windows.net/ https://api.appcenter.ms https://api.figma.com https://api.powerbi.com https://dc.services.visualstudio.com https://gov.api.bap.microsoft.us https://gov.api.powerapps.us https://login.microsoftonline.com https://noam.events.data.microsoft.com https://outlook.office365.com https://r4.res.office365.com https://config.centro.core.microsoft/config https://tip1-shared.azure-apim.net https://world.ces.microsoftcloud.com https://vsa.services.microsoft.com https://*.augloop.svc.cloud.microsoft https://augloop.svc.cloud.microsoft https://api.powerplatformusercontent.com https://*.api.powerplatformusercontent.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.azure.com wss://*.botframework.com wss://*.officeppe.com wss://*.office.com wss://make.gov.powerapps.us https://*.gateway.prod.island.powerapps.com wss://*.gateway.prod.island.powerapps.com wss://directline.botframework.com https://*.service.signalr.net wss://*.service.signalr.net; report-uri https://csp.microsoft.com/report/PPUX-Hosting;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

apps.powerapps.com *.apps.powerapps.com