SSL Certificate Analysis for bluebeam.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=bluebeam.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

December 20, 2025

Valid Until

March 20, 2026 65 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

2B:85:A4:9E:B8:95:13:53:C2:22:1E:05:4A:6D:5F:29:D8:87:4F:A6:B6:68:95:27:47:15:41:40:96:37:43:55

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000

Content-Security-Policy

Basic

default-src; script-src; connect-src; +9 more

default-src 'self' consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.storylane.io js.qualified.com bat.bing-int.com www.googleadservices.com analytics.ahrefs.com obs.forroundprince.com ob.forroundprince.com *.stackadapt.com app.vwo.com munchkin.marketo.net *.mktoweb.com challenges.cloudflare.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.vidyard.com *.bluebeam.com *.wpengine.com *.pardot.com www.google-analytics.com fonts.gstatic.com *.cookiebot.com www.googletagmanager.com *.visualwebsiteoptimizer.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.net *.hotjar.com snap.licdn.com bat.bing.com s.yimg.com snap.licdn.com *.google.com bat.bing.com sp.analytics.yahoo.com px.ads.linkedin.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com cdn.linkedin.oribi.io www.youtube.com; connect-src 'self' *.visualwebsiteoptimizer.com play.vidyard.com wss://ws6.qualified.com app.vwo.com app.qualified.com google.com tsvc.bluebeam.com tsvc.bluebeam.com.au tsvc.bluebeam.se tsvc.bluebeam.co.uk tsvc.bluebeam-dev.com refer.bluebeam.com *.sheerid.net *.sheerid.com analytics.ahrefs.com obs.forroundprince.com tsvc.bluebeam.de *.stackadapt.com *.mktoresp.com *.execute-api.us-east-1.amazonaws.com *.execute-api.eu-west-2.amazonaws.com *.execute-api.ap-southeast-2.amazonaws.com *.execute-api.eu-central-1.amazonaws.com *.execute-api.eu-north-1.amazonaws.com region1.analytics.google.com *.analytics.google.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com content.hotjar.io wss://ws.hotjar.com px.ads.linkedin.com pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net vc.hotjar.io s.yimg.com *.hotjar.com *.cookiebot.com analytics.google.com *.visualwebsiteoptimizer.com yoast.com www.google.com cdn.linkedin.oribi.io googleads.g.doubleclick.net gw.linkedin.oribi.io ad.doubleclick.net www.facebook.com bat.bing.com www.googleapis.com; img-src 'self' data: *.visualwebsiteoptimizer.com app.vwo.com useruploads.vwo.io attr.ml-api.io secure.adnxs.com s.ml-attr.com www.googleadservices.com obs.forroundprince.com ade.googlesyndication.com arttrk.com imgsct.cookiebot.com www.google.co.uk www.google.nl www.google.no www.google.fr www.google.es www.google.dk www.google.se www.google.co.jp www.google.co.kr www.google.it www.google.fi www.google.be www.google.com.au *.vidyard.com *.visualwebsiteoptimizer.com sp.analytics.yahoo.com *.bing.com www.facebook.com px.ads.linkedin.com www.google.com p.adsymptotic.com secure.gravatar.com www.linkedin.com www.google-analytics.com gw.linkedin.oribi.io www.googletagmanager.com ad.doubleclick.net ps.w.org; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com p.typekit.net use.typekit.net *.stackadapt.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.bluebeam.com *.wpengine.com fonts.googleapis.com; base-uri 'self'; form-action 'self' *.bluebeam.com www.facebook.com *.my.salesforce.com *.salesforce.com; object-src data: 'unsafe-eval'; font-src 'self' use.typekit.net p.typekit.net *.bluebeam.com *.wpengine.com fonts.googleapis.com fonts.gstatic.com data: 'unsafe-eval'; media-src 'self' app.qualified.com *.bluebeam.com *.wpengine.com *.cookiebot.com; frame-src 'self' www.google.com *.storylane.io *.visualwebsiteoptimizer.com app.vwo.com blob: app.qualified.com www.googletagmanager.com challenges.cloudflare.com *.vidyard.com *.bluebeam.com *.cookiebot.com *.hotjar.com www.facebook.com www.youtube.com td.doubleclick.net 9747788.fls.doubleclick.net roicalbucket.s3-website-us-east-1.amazonaws.com roical.bluebeam-dev.com roical.bluebeam.com go.pardot.com; worker-src 'self' blob: ;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

bluebeam.com