SSL Certificate Analysis for auth.quantexa.com - Security Grade & TLS Configuration

Open Cached · just now

96/100 SECURITY SCORE

Certificate Information

Subject

CN=auth.quantexa.com

Issuer

C=US, O=Let's Encrypt, CN=E8

Valid From

October 28, 2025

Valid Until

January 26, 2026 31 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

E9:04:35:D8:CF:BC:36:FF:ED:D6:86:F1:51:A7:62:90:14:3D:F8:A6:5C:1C:40:4D:2B:1E:F1:77:F4:1F:8B:45

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; img-src; +4 more

default-src 'self' *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com fonts.cdnfonts.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.bing.net *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com js.navattic.com s3-us-west-2.amazonaws.com pro.ip-api.com *.outbrain.com *.redditstatic.com *.reddit.com *.taboola.com *.mux.com inferred.litix.io *.jsdelivr.net *.unpkg.com *.cloudflare.com *.clarity.ms *.ahrefs.com static.xingcdn.com www.xing.com *.adsrvr.org static.hsappstatic.net p.mdb.tools a.usbrowserspeed.com *.ingest.us.sentry.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com fonts.cdnfonts.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.bing.net *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com js.navattic.com s3-us-west-2.amazonaws.com pro.ip-api.com *.outbrain.com *.redditstatic.com *.reddit.com *.taboola.com *.mux.com inferred.litix.io *.jsdelivr.net *.unpkg.com *.cloudflare.com *.clarity.ms *.ahrefs.com static.xingcdn.com www.xing.com *.adsrvr.org static.hsappstatic.net p.mdb.tools a.usbrowserspeed.com *.ingest.us.sentry.io; img-src data: * blob:; font-src 'self' data: fonts.cdnfonts.com; media-src 'self' blob: *.storyblok.com *.mux.com; style-src 'self' 'unsafe-inline' *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com fonts.cdnfonts.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.bing.net *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com js.navattic.com s3-us-west-2.amazonaws.com pro.ip-api.com *.outbrain.com *.redditstatic.com *.reddit.com *.taboola.com *.mux.com inferred.litix.io *.jsdelivr.net *.unpkg.com *.cloudflare.com *.clarity.ms *.ahrefs.com static.xingcdn.com www.xing.com *.adsrvr.org static.hsappstatic.net p.mdb.tools a.usbrowserspeed.com *.ingest.us.sentry.io; frame-ancestors 'self' https://app.storyblok.com/ https://app.markup.io/;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

Same-origin

Permissions-Policy

Present

browsing-topics=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

letsencrypt.org digicert.com

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
• Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

1 domain

auth.quantexa.com