Security Score: 83/100
Certificate Information
Subject: CN=atlantech.net
Issuer: C=US, O=Google Trust Services, CN=WE1
Valid From: November 22, 2025
Valid Until: February 20, 2026 (32 days)
Public Key: ECDSA, 256 bit (P-256), Adequate
Signature Algorithm: ECDSA-SHA256
SHA-256 Fingerprint: A9:2D:61:75:4B:15:BC:55:09:E4:11:DD:A6:04:49:81:97:D6:F7:C1:34:0A:41:8D:49:F8:23:78:A2:5D:93:29
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security: Present (max-age=31536000)
Content-Security-Policy: Basic
Content-Security-Policy: default-src 'self' data:; base-uri 'none'; object-src 'none'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' https://app.chattitude.ai *.cloudfront.net *.gstatic.com *.googleapis.com *.google.com *.google.ca *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com *.hubspot.net cdn2.hubspot.net static.hsappstatic.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com googleads.g.doubleclick.net sc.lfeeder.com *.luckyorange.com https://tools.luckyorange.com widget.trustpilot.com www.googletagmanager.com snap.licdn.com a.remarketstats.com a.clickcertain.com us-assets.i.posthog.com *.hubspotusercontent-na1.net; connect-src 'self' https://app.chattitude.ai wss://app.chattitude.ai *.cloudfront.net https://sessions.bugsnag.com wss://ws-us3.pusher.com *.hsforms.com *.hsforms.net *.googleapis.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net www.google-analytics.com settings.luckyorange.com px.ads.linkedin.com https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live www.google.com; img-src 'self' https://app.chattitude.ai *.cloudfront.net https://helixuserimages.s3.us-west-1.amazonaws.com data: blob: www.googletagmanager.com *.googleapis.com *.gstatic.com *.linkedin.com 275827.fs1.hubspotusercontent-na1.net tr-rc.lfeeder.com js.hscta.net via.placeholder.com no-cache.hubspot.com *.hubspot.com *.hubspot.net *.hsforms.com *.hsforms.net *.hsappstatic.net px.ads.linkedin.com tr.lfeeder.com *.google.com *.google.ca perf-na1.hsforms.com; frame-src 'self' https://app.chattitude.ai *.cloudfront.net *.hsforms.com *.hsforms.net *.google.com *.google.ca *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com www.atlantech.net td.doubleclick.net a.clickcertain.com widget.trustpilot.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.googleapis.com 
cdn2.hubspot.net www.atlantech.net *.bootstrapcdn.com *.hsappstatic.net 495780.fs1.hubspotusercontent-na1.net *.hubspotusercontent-na1.net https://app.chattitude.ai *.cloudfront.net; font-src 'self' https://fonts.gstatic.com 495780.fs1.hubspotusercontent-na1.net maxcdn.bootstrapcdn.com https://app.chattitude.ai *.cloudfront.net; worker-src blob: media-src 'self' https://app.chattitude.ai *.cloudfront.net; child-src 'self' *.hsforms.com; form-action 'self' *.hsforms.com *.hsforms.net;
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Good (no-referrer-when-downgrade)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured; any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports