SSL Certificate Analysis for attio.com - Security Grade & TLS Configuration

Open Cached · just now

81/100 SECURITY SCORE

Certificate Information

Subject

CN=attio.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

January 03, 2026

Valid Until

February 02, 2026 19 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

58:B6:04:B5:39:27:62:9F:FF:09:0A:C0:7F:74:8F:96:E0:75:77:F1:84:93:09:85:5D:37:2B:23:68:30:89:0B

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=7776000; includeSubDomains; preload

Content-Security-Policy

Good

base-uri; connect-src; default-src; +11 more

base-uri 'self'; connect-src 'self' blob: ipv4.pdscrb.com *.algolia.net *.algolianet.com *.algolia.io api.attio.com developers.attio.com ingestion.apiary.beehiiv.net ingestion.prod.apiarydata.net www.facebook.com adservice.google.com www.googleadservices.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ad.doubleclick.net via.intercom.io api.intercom.io api.au.intercom.io api.eu.intercom.io api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io uploads.intercomcdn.com uploads.intercomcdn.eu uploads.au.intercomcdn.com uploads.eu.intercomcdn.com uploads.intercomusercontent.com *.ads.linkedin.com cdn.linkedin.oribi.io bat.bing.com bat.bing.net *.clarity.ms c.bing.com api-js.mixpanel.com admin.partnerpage.io api.perfalytics.com edge.fullstory.com perfalytics.com rs.fullstory.com *.quora.com conversions-config.reddit.com www.redditstatic.com pixel-config.reddit.com o394581.ingest.sentry.io/api/4505793402896384/ evnt.byspotify.com pixels.spotify.com analytics.twitter.com https://vercel.live wss://ws-us3.pusher.com; default-src 'self'; font-src 'self' fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com at.alicdn.com attio.com https://vercel.live https://assets.vercel.com; form-action 'self' intercom.help api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io; frame-ancestors 'self' app.storyblok.com; frame-src 'self' www.facebook.com www.googletagmanager.com *.g.doubleclick.net td.doubleclick.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net perspectivefunnel.co form.typeform.com www.typeform.com https://vercel.live www.youtube-nocookie.com www.youtube.com/embed/ jobs.ashbyhq.com; img-src 'self' verifi.pdscrb.com www.facebook.com googleads.g.doubleclick.net www.google.com google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ad.doubleclick.net blob: data: js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com *.ads.linkedin.com bat.bing.com bat.bing.net *.clarity.ms c.bing.com attio.com content.partnerpage.io api.producthunt.com/widgets/embed-image/v1/featured.svg *.quora.com alb.reddit.com a.storyblok.com/f/234930/ analytics.twitter.com t.co pbs.twimg.com/profile_images/ https://vercel.live https://vercel.com i.vimeocdn.com i.ytimg.com jobs.ashbyhq.com; media-src 'self' js.intercomcdn.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com a.storyblok.com/f/234930/; object-src 'none'; script-src 'self' 'unsafe-inline' d34r8q7sht0t9k.cloudfront.net s3.amazonaws.com/beehiiv-adnetwork-production/ ajax.cloudflare.com connect.facebook.net www.googleadservices.com www.google.com www.googletagmanager.com *.google-analytics.com *.g.doubleclick.net apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com app.intercom.io widget.intercom.io js.intercomcdn.com snap.licdn.com bat.bing.com bat.bing.net *.clarity.ms c.bing.com cdn.mxpnl.com code.jquery.com edge.fullstory.com js.partnerpage.io perfalytics.com js-temp-backup.partnerpage.io perspectivefunnel.co *.quora.com www.redditstatic.com pixel.byspotify.com pixels.spotify.com app.storyblok.com/* static.ads-twitter.com va.vercel-scripts.com https://vercel.live cdn.jsdelivr.net/gh/paulirish/ www.youtube.com jobs.ashbyhq.com; style-src 'self' 'unsafe-inline' cdn.partnerpage.io fonts.googleapis.com https://vercel.live cdn.jsdelivr.net/gh/paulirish/; worker-src 'self' intercom-sheets.com www.intercom-reporting.com www.youtube.com player.vimeo.com fast.wistia.net; report-uri o394581.ingest.sentry.io/api/4505793402896384/security/?sentry_key=afceb9e6ddac6219e4bf7c3e2fc69c53

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

attio.com *.attio.com