SSL Certificate Analysis for bettercloud--c.na148.visual.force.com - Security Grade & TLS Configuration | DNS Gurus

Open Cached · just now

83/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Certificate Information

Subject

C=US, ST=California, L=San Francisco, O=Salesforce, Inc., CN=viv1.force.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1

Valid From

February 10, 2026

Valid Until

February 08, 2027 281 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

4C:7D:FA:1B:C0:5E:C4:52:2D:62:4F:8F:27:7C:BB:1B:12:E6:EE:B9:4F:BE:C6:BF:8E:04:1A:B2:43:71:C0:8F

Alternative Names

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=63072000; includeSubDomains

Content-Security-Policy

Weak

upgrade-insecure-requests Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

139 domains

*.force.com *.cloudforce.com viv1.force.com *.ap19.force.com *.ap62.force.com *.eu16.force.com *.lightning.force.com *.na125.force.com *.na137.force.com *.na148.force.com *.na152.force.com *.na165.force.com *.na166.force.com *.na169.force.com *.na171.force.com *.na174.force.com *.na38.force.com *.secure.force.com *.ap11.content.force.com *.ap11.visual.force.com *.ap12.content.force.com *.ap12.visual.force.com *.ap19.content.force.com *.ap19.visual.force.com *.ap2.content.force.com *.ap2.visual.force.com *.ap24.content.force.com *.ap24.visual.force.com *.ap25.content.force.com *.ap25.visual.force.com *.ap62.content.force.com *.ap62.visual.force.com *.eu11.content.force.com *.eu11.visual.force.com *.eu16.content.force.com *.eu16.visual.force.com *.eu17.content.force.com *.eu17.visual.force.com *.eu19.content.force.com *.eu19.visual.force.com *.eu2.content.force.com *.eu2.visual.force.com *.eu26.content.force.com *.eu26.visual.force.com *.eu3.content.force.com *.eu3.visual.force.com *.eu31.content.force.com *.eu31.visual.force.com *.eu32.content.force.com *.eu32.visual.force.com *.eu33.content.force.com *.eu33.visual.force.com *.eu35.content.force.com *.eu35.visual.force.com *.eu4.content.force.com *.eu4.visual.force.com *.eu40.content.force.com *.eu40.visual.force.com *.eu5.content.force.com *.eu5.visual.force.com *.eu6.content.force.com *.eu6.visual.force.com *.eu7.content.force.com *.eu7.visual.force.com *.eu9.content.force.com *.eu9.visual.force.com *.na1.content.force.com *.na1.visual.force.com *.na104.content.force.com *.na104.visual.force.com *.na110.content.force.com *.na110.visual.force.com *.na115.content.force.com *.na115.visual.force.com *.na125.content.force.com *.na125.visual.force.com *.na131.content.force.com *.na131.visual.force.com *.na137.content.force.com *.na137.visual.force.com *.na148.content.force.com *.na148.visual.force.com *.na152.content.force.com *.na152.visual.force.com *.na165.content.force.com *.na165.visual.force.com *.na166.content.force.com *.na166.visual.force.com *.na169.content.force.com *.na169.visual.force.com *.na171.content.force.com *.na171.visual.force.com *.na174.content.force.com *.na174.visual.force.com *.na24.content.force.com *.na24.visual.force.com *.na29.content.force.com *.na29.visual.force.com *.na3.content.force.com *.na3.visual.force.com *.na30.content.force.com *.na30.visual.force.com *.na31.content.force.com *.na31.visual.force.com *.na32.content.force.com *.na32.visual.force.com *.na34.content.force.com *.na34.visual.force.com *.na35.content.force.com *.na35.visual.force.com *.na38.content.force.com *.na38.visual.force.com *.na43.content.force.com *.na43.visual.force.com *.na48.content.force.com *.na48.visual.force.com *.na6.content.force.com *.na6.visual.force.com *.na64.content.force.com *.na64.visual.force.com *.na68.content.force.com *.na68.visual.force.com *.na7.content.force.com *.na7.visual.force.com *.na8.content.force.com *.na8.visual.force.com *.na83.content.force.com *.na83.visual.force.com *.na85.content.force.com *.na85.visual.force.com *.na98.content.force.com *.na98.visual.force.com *.um3.content.force.com *.um3.visual.force.com *.um4.content.force.com *.um4.visual.force.com *.um8.content.force.com *.um8.visual.force.com

Other domains in certificate

*.database.com