SSL Certificate Analysis for avalor.io - Security Grade & TLS Configuration

Open Cached · just now

86/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=California, L=San Jose, O=Zscaler, Inc., CN=zenithlive.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1

Valid From

May 28, 2025

Valid Until

February 23, 2026 41 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

72:A3:01:0A:91:7B:F8:0A:74:F3:19:21:5B:3B:FD:43:97:8C:3F:72:F3:5D:25:A2:1D:5D:4F:55:49:9F:54:37

Alternative Names

13 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; img-src; script-src; +8 more

default-src 'none' 'self' strict-dynamic https://*.liadm.com; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com https://*.qualified.com https://tags.srv.stackadapt.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://zscaler.piwik.pro/ https://explore.zscaler.com https://js.storylane.io https://www.redditstatic.com/ https://js.qualified.com blob: https://s3-us-west-2.amazonaws.com/b2bjsstore/b/Z6PVLHPZV26R/Z6PVLHPZV26R.js.gz https://a.usbrowserspeed.com/cs https://ddwl4m2hdecbv.cloudfront.net/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com idx.liadm.com https://idx.liadm.com https://layer.zscaler.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://s.yimg.jp https://*.yahoo.co.jp https://tr.capterra.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com https://zscaler.piwik.pro/ https://*.qualified.com https://tags.srv.stackadapt.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://1cc736ed757d4e24b91428e20d3e43f8.us-west-1.aws.found.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com https://zscaler.piwik.pro/ https://*.qualified.com wss://*.qualified.com https://www.redditstatic.com/ https://pixel-config.reddit.com/ https://conversions-config.reddit.com/ 'strict-dynamic' https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://a.usbrowserspeed.com https://layer.zscaler.com https://tags.srv.stackadapt.com https://*.yahoo.co.jp https://tr.capterra.com; media-src https://cms.zscaler.com https://app.storylane.io https://app.storylane.io/demo https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://*.qualified.com; worker-src 'self' blob: ; frame-src 'self' blob: https://app.storylane.io https://app.storylane.io/demo e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com https://zscaler.my.site.com https://www.googletagmanager.com/ https://zscaler784.outgrow.us https://*.qualified.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com https://zscaler.my.site.com; child-src https://*.qualified.com;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

13 domains

avalor.io www.avalor.io

Other domains in certificate

airgap.io www.airgap.io

edgewise.net

onetruezero.com www.onetruezero.com

www.zenithlive.com zenithlive.com

www.zerotrustblueprint.com zerotrustblueprint.com

uvm.zscaler.com zenithlive.zscaler.com