Security Score: 94/100
Certificate Information
Subject: CN=auth.accuity.com
Issuer: C=US, O=Let's Encrypt, CN=E8
Valid From: December 25, 2025
Valid Until: March 25, 2026 (61 days)
Public Key: ECDSA, 256 bit (P-256), Adequate
Signature Algorithm: ECDSA-SHA384
SHA-256 Fingerprint: 74:5A:DC:10:3A:22:31:B4:28:3F:CC:3D:C4:C2:48:85:1A:11:A4:BE:B0:C5:40:62:DA:DF:86:09:8B:48:A0:D5
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers | Status
Strict-Transport-Security | Present | max-age=31536000
Content-Security-Policy | Basic | default-src; script-src; worker-src; +13 more
default-src 'self' atlassian-companion:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.recaptcha.net tracking.risk.lexisnexis.com code.jquery.com www.gstatic.com player.vimeo.com cdn.cookielaw.org *.clickagy.com *.adsrvr.org www.buzzsprout.com blob: *.visualwebsiteoptimizer.com cdnjs.cloudflare.com platform.twitter.com connect.facebook.net img.en25.com assets.adobedtm.com js.zi-scripts.com *.zoominfo.com www.googletagmanager.com *.google-analytics.com www.youtube.com www.youtube-nocookie.com s.ytimg.com *.lexisnexis.com *.lexisnexis.co.uk *.lexisnexis.es *.lexisnexis.com.br *.lexisnexis.co.jp *.liadm.com *.qualified.com *.doubleclick.net bat.bing.com *.licdn.com *.linkedin.com *.microad.jp *.baidu.com pagead2.googlesyndication.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net cdnjs.cloudflare.com; img-src 'self' data: blob: img.en25.com bat.bing.com *.ytimg.com pbs.twimg.com *.lexisnexis.com *.lexisnexis.co.uk pixel.wp.com *.lexisnexis.es *.lexisnexis.com.br *.lexisnexis.co.jp analytics.lexisnexisrisk.com *.google-analytics.com *.doubleclick.net *.everesttech.net *.demdex.net cdn.cookielaw.org tracking.risk.lexisnexis.com *.pagead2.googlesyndication.com *.clickagy.com *.openx.net *.liadm.com idsync.rlcdn.com *.agkn.com *.visualwebsiteoptimizer.com *.microad.jp pixel-sync.sitescout.com *.linkedin.com *.google.com www.google.co.in *.facebook.com *.adsrvr.org pixel.rubiconproject.com; font-src 'self' fonts.gstatic.com *.agkn.com wordpress.com *.tmxcyber.com *.adnxs.com; connect-src 'self' *.microad.jp www.google.co.in *.googleadservices.com browser-intake-datadoghq.com *.visualwebsiteoptimizer.com *.zoominfo.com *.google-analytics.com *.algolia.net *.algolianet.com analytics.lexisnexisrisk.com js.zi-scripts.com *.demdex.net *.everesttech.net www.recaptcha.net cdn.cookielaw.org geolocation.onetrust.com *.lexisnexis.com *.lexisnexis.co.uk *.lexisnexis.es *.lexisnexis.com.br *.lexisnexis.co.jp *.clickagy.com 
*.adsrvr.org *.liadm.com *.qualified.com wss://*.qualified.com *.google.com bat.bing.com px.ads.linkedin.com *.facebook.com privacyportal.onetrust.com cdnjs.cloudflare.com pagead2.googlesyndication.com *.baidu.com; frame-src 'self' atlassian-companion: *.visualwebsiteoptimizer.com www.youtube.com www.comparably.com *.blueflamingo.solutions *.tmxcyber.com app.teamwalnut.com *.doubleclick.net www.buzzsprout.com *.turtl.co www.youtube-nocookie.com platform.twitter.com player.vimeo.com *.demdex.net gateway.on24.com www.recaptcha.net *.adsrvr.org *.liadm.com www.googletagmanager.com *.qualified.com *.microad.jp cdn.cookielaw.org dpm.demdex.net *.linkedin.com www.kitchco.com nam11.safelinks.protection.outlook.com; media-src 'self' *.cloudfront.net *.qualified.com; manifest-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri /cdn-cgi/script_monitor/report
X-Frame-Options | Good | sameorigin
X-Content-Type-Options | Good | nosniff
Referrer-Policy | Good | no-referrer-when-downgrade
Permissions-Policy | Present | camera=(self), microphone=(self)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records: Configured (Restricts certificate issuance)
Current Issuer: Authorized (Matches CAA policy)
Authorized CAs
Recommendations
- Consider using critical flag (flags=128) for stricter CAA enforcement
- Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- Consider adding 'issuewild' records to control wildcard certificate issuance