SSL Certificate Analysis for ausa.org - Security Grade & TLS Configuration

Open Cached · just now

86/100 SECURITY SCORE

Certificate Information

Subject

CN=ausa.org

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

November 04, 2025

Valid Until

February 02, 2026 33 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

5D:3C:B0:EA:37:FC:65:C4:8A:A7:2A:17:40:2E:9A:1F:40:37:18:0D:13:DF:20:92:3F:E4:21:58:ED:E8:44:75

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=300

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; child-src; +12 more

upgrade-insecure-requests; default-src 'self' 'unsafe-inline' https://c.disquscdn.com https://disqus.com/ https://78e90748.flowpaper.com/; child-src 'self' https://www.google.com/ https://disqus.com/ https://www.youtube.com/ https://www.podbean.com/ https://www.facebook.com/ https://platform.twitter.com/ https://submit.jotform.com/ https://submit.jotform.us/ https://*.partnerbookingkit.com/ https://cdn.ingo.me; connect-src 'self' http://sentry.utdev.com/ https://links.services.disqus.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://polo.feathr.co/ https://bam.nr-data.net/ https://www.googletagmanager.com/ https://*.partnerbookingkit.com/ https://submit.jotform.com/ https://ausa.careerwebsite.com/ https://cdn.ingo.me https://app.ingo.me https://78e90748.flowpaper.com/ https://px.ads.linkedin.com/wa/ https://analytics.google.com https://js.arcgis.com/ https://l.sharethis.com/ https://ausa.my.site.com/ https://www.google.com/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://www.facebook.com/; font-src 'self' https:; frame-src 'self' https://ausa-a.akamaihd.net/ https://submit.jotform.com/ https://*.jotform.com/ https://www.youtube.com/ https://disqus.com/ https://www.facebook.com/ https://www.podbean.com/ https://info.ausa.org/ https://www.google.com/ https://calendar.google.com/ https://accounts.google.com/ https://*.google.com/ https://submit.jotform.us/ https://www.arcgis.com/ https://cdn.ingo.me https://11098073.fls.doubleclick.net https://static.addtoany.com/ https://78e90748.flowpaper.com/ARMYOct2021GreenBook/ https://www.dvidshub.net https://player.vimeo.com/ https://glac-ausa.forms-db.com/ https://bid.g.doubleclick.net/ https://fast.wistia.net/ https://www.dvidshub.net/ https://newassets.hcaptcha.com/ https://platform.twitter.com/ https://*.flowpaper.com https://ausa.force.com/ https://td.doubleclick.net/ https://my.matterport.com/ https://video.ibm.com/ https://ausa-org-hub.maps.arcgis.com/ https://ausa.my.site.com/ https://www.googletagmanager.com/; img-src 'self' https: data:; media-src 'self' https:; object-src 'self'; script-src 'self' 'unsafe-eval' https://form.jotform.com/* https://form.jotform.com/ https://code.jquery.com/ https://secure.polldaddy.com/ https://www.googletagmanager.com/ https://cdn.jotfor.ms/ https://www.google-analytics.com/ https://snap.licdn.com/ https://*.partnerbookingkit.com/ https://jotform.com/ https://*.jotform.com/ https://ausaorg.disqus.com https://*.disquscdn.com https://disqus.com https://c.disquscdn.com https://g.adspeed.net https://cdn.ingo.me https://js-agent.newrelic.com https://connect.facebook.net https://secure.quantserve.com https://www.vbt.io https://cdn.feathr.co https://a.smtrk.net/ https://polo.feathr.co https://78e90748.flowpaper.com/ https://preprod-ausa.utstaging.com addtocalendar.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://unpkg.com https://use.fontawesome.com mdbootstrap.com platform.twitter.com stackpath.bootstrapcdn.com; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.typekit.net https://tagmanager.google.com https://cdn.jotfor.ms/ https://*.partnerbookingkit.com/ https://cdn.ingo.me https://78e90748.flowpaper.com/ addtocalendar.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.typekit.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-elem * 'unsafe-inline'; worker-src 'self' https://www.google.com/ https://disqus.com/ https://www.youtube.com/ https://www.podbean.com/ https://www.facebook.com/ https://platform.twitter.com/ https://submit.jotform.com/ https://submit.jotform.us/ https://www.googletagmanager.com/ https://cdn.ingo.me; frame-ancestors 'self'

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

ausa.org www.ausa.org