Security Score: 94/100
Certificate Information
Subject: CN=assemblyai.com
Issuer: C=US, O=Let's Encrypt, CN=R12
Valid From: November 25, 2025
Valid Until: February 23, 2026 (35 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: 35:B9:2F:AD:C6:EC:E8:1E:B9:4D:C2:01:6D:89:73:52:34:9E:14:B2:11:5D:EB:44:33:5D:1F:38:CC:7C:06:41
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Header (Status): Value
Strict-Transport-Security (Good): max-age=31536000; includeSubDomains
Content-Security-Policy (Good): default-src; script-src; style-src; +5 more
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.assemblyai.com blob: https://scripts.clarity.ms/0.8.45/clarity.js https://scripts.clarity.ms/0.8.38/clarity.js https://boards.greenhouse.io/ https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js https://scripts.clarity.ms/0.8.30/clarity.js https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.js.map https://unpkg.com/@vapi-ai/client-sdk-react/dist/embed/widget.umd.js https://cdnjs.cloudflare.com/ajax/libs/gsap https://cdn.jsdelivr.net/npm/[email protected]/dist/gsap.min.js https://cdn.logr-ingest.com/logger-1.min.js https://cdn.jsdelivr.net/npm/livekit-client/dist/livekit-client.umd.min.js https://*.clarity.ms/collect https://www.google.com.ng/pagead/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.clarity.ms/s/ https://www.clarity.ms/tag/ https://googleads.g.doubleclick.net/pagead/ https://cdn.jsdelivr.net/npm/@splidejs/[email protected]/dist/js/splide.min.js https://cdn.jsdelivr.net/npm/@splidejs/[email protected]/dist/js/splide-extension-auto-scroll.min.js https://www.datadoghq-browser-agent.com/us1/v6/datadog-rum.js https://cdn.cookielaw.org https://www.google-analytics.com/ https://tracking.g2crowd.com/ https://static.ads-twitter.com/uwt.js https://static.hotjar.com/ https://script.hotjar.com/ https://www.googletagmanager.com/ https://*.website-files.com https://cdn.jsdelivr.net/npm/@finsweet/ https://ajax.googleapis.com https://d3e54v103j8qbb.cloudfront.net/js/ https://d3e54v103j8qbb.cloudfront.net https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ https://cdn-ukwest.onetrust.com/ https://www.assemblyai.com/ https://rs-cdn.assemblyai.com/ https://widget.usepylon.com/ https://o4506147015688192.ingest.us.sentry.io/api/ https://api.rudderstack.com/ https://error-cdn.assemblyai.com/8ee0fe3650cbb48ff632bc21758e64d0.min.js https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-chtml.js https://cdnjs.cloudflare.com/ajax/libs/gsap/ 
https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.4.0/highlight.min.js https://cdnjs.cloudflare.com/ajax/libs/highlightjs-line-numbers.js/2.8.0/highlightjs-line-numbers.min.js https://cdn.jsdelivr.net/npm/@splidejs/[email protected]/dist/js/splide-extension-auto-scroll.min.js https://cdn.jsdelivr.net/npm/@splidejs/[email protected]/dist/js/splide.min.js https://www.youtube.com https://s.ytimg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css https://cdn.jsdelivr.net/npm/@splidejs/[email protected]/dist/css/splide-core.min.css https://*.website-files.com/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/highlight.js/ https://*.usepylon.com/; img-src 'self' data: https://github.com/AssemblyAI-Examples/ https://www.googleadservices.com/pagead/ https://px.ads.linkedin.com/ https://c.bing.com/ https://*.ads.linkedin.com/collect https://c.clarity.ms/c.gif https://www.googletagmanager.com/ https://www.google.ca/ https://www.google.ch/ https://www.google.cn/ https://www.google.co.id/ https://www.google.co.in/ https://www.google.co.jp/ https://www.google.co.nz/ https://www.google.co.uk/ https://www.google.co.za/ https://www.google.com.ar/ https://www.google.com.au/ https://www.google.com.br/ https://www.google.com.mx/ https://www.google.com.ng/ https://www.google.com.pk/ https://www.google.com/ https://www.google.de/ https://www.google.es/ https://www.google.fr/ https://www.google.it/ https://www.google.nl/ https://www.google.pl/ https://www.google.pt/ https://www.google.ru/ https://www.google.se/ https://c.clarity.ms/c.gif https://www.googletagmanager.com/ https://www.google.com/pagead/1p-user-list/ https://*.website-files.com/ https://cdn-ukwest.onetrust.com https://i.ytimg.com https://yt3.ggpht.com https://cdn.cookielaw.org/ https://analytics.twitter.com/ https://t.co/ https://avatars.slack-edge.com/ https://*.usepylon.com/; media-src 'self' https://res.cloudinary.com 
https://*.website-files.com/ https://assemblyaiassets.com/ https://f004.backblazeb2.com/ https://www.youtube.com; font-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/webfonts/ https://fonts.gstatic.com/ https://*.website-files.com/ https://*.usepylon.com/ data:; connect-src 'self' wss://docs-aaigent.up.railway.app/ https://cdn.jsdelivr.net/npm/livekit-client/dist/livekit-client.umd.js.map https://c.daily.co/call-machine/versioned/0.80.0/static/call-machine-object-bundle.js https://api.vapi.ai/call/web https://*.assemblyai.com https://www.googleadservices.com/pagead/ https://px.ads.linkedin.com/ wss://*.livekit.cloud https://*.livekit.cloud/settings/regions https://token-server-l230.onrender.com/get-token https://*.webflow.com https://*.webflow.io https://*.clarity.ms/collect https://region1.google-analytics.com/g/ https://www.google.com/ccm/ https://googleads.g.doubleclick.net/ wss://ws.hotjar.com/api/v2/client/ws https://google.com/pagead/form-data/ https://browser-intake-datadoghq.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://*.website-files.com/ https://js.sentry-cdn.com https://browser.sentry-cdn.com/ https://cdn-ukwest.onetrust.com/ https://www.assemblyai.com/ https://rs-cdn.assemblyai.com https://widget.usepylon.com/ https://o4506147015688192.ingest.us.sentry.io/api/ https://api.rudderstack.com/ https://devrel.sandbox.assemblyai.xyz https://cdn.cookielaw.org/ https://assemblyairuzw.dataplane.rudderstack.com/ https://tracking-api.g2.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org https://*.usepylon.com/ https://*.pusher.com/ wss://*.pusher.com https://*.hotjar.io/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://www.youtube.com https://www.google.com; frame-src 'self' https://job-boards.greenhouse.io/ https://airtable.com https://www.googletagmanager.com/ https://*.website-files.com/ https://widget.usepylon.com/ https://cdn.embedly.com/ https://cdn.cookielaw.org/ 
https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.doubleclick.net/;
X-Frame-Options (Good): SAMEORIGIN
X-Content-Type-Options (Good): nosniff
Referrer-Policy (Good): strict-origin-when-cross-origin
Permissions-Policy (Present): autoplay=(self), geolocation=(self), clipboard-read=(self), clipboard-write=(self)
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Strengthen CSP by removing 'unsafe-eval'
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports