96/100
SECURITY SCORE
Certificate Information
Subject
CN=calibermind.com
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
September 30, 2025
Valid Until
December 29, 2025
36 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
74:F9:FC:3A:55:05:7A:68:15:63:2F:B5:D4:E1:7A:B9:18:30:0A:71:5E:72:F1:51:5F:F9:73:BC:A9:59:3D:B9
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
connect-src; font-src; default-src; +10 more
connect-src 'self' *.adroll.com *.clearbitscripts.com *.sequel.io *.g2.com *.uikit.inkeep.com *.management.inkeep.com *.inkeep.com *.unpkg.com *.chilipiper.io *.chilipiper.com *.g2crowd.com *.linkedin.com analytics.google.com *.clearbit.com *.metadata.io *.reactful.com *.calibermind.com *.metarouter.io *.drifft.com *.hsforms.com js.hs-banner.com *.google-analytics.com www.google.com *.clarity.ms bat.bing.com *.doubleclick.net *.forms.hscollectedforms.net *.hsappstatic.net forms.hscollectedforms.net *.hubapi.com *.hubspot.com js.hs-banner.com *.facebook.com *.litix.io *.wistia.com embedwistia-a.akamaihd.net cdn.linkedin.oribi.io ws:; font-src 'self' *.calibermind.com *.sequel.io *.gstatic.com *.googleapis.com *.wistia.com data:; default-src 'none'; media-src 'self' *.calibermind.com *.sequel.io embedwistia-a.akamaihd.net embed-fastly.wistia.com blob:; worker-src 'self' *.calibermind.com blob:; img-src 'self' data: *.adroll.com *.sequel.io *.g2crowd.com *.g2.com *.googleusercontent.com heapanalytics.com *.clearbit.com *.googleapis.com fivetran.com *.cloudinary.com *.hsforms.com *.facebook.com *.google.com *.linkedin.com *.hubspot.com *.google-analytics.com www.googletagmanager.com embed-ssl.wistia.com *.gravatar.com *.wistia.com *.cloudfront.com embedwistia-a.akamaihd.net fast.wistia.net bat.bing.com *.clarity.ms; manifest-src 'self'; frame-src 'self' *.adroll.com *.g2.com *.sequel.io *.google.com www.googletagmanager.com *.chilipiper.com *.youtube.com *.podbean.com *.auth0.com *.calibermind.com *.drifft.com *.facebook.com js.drifft.com *.driftt.com forms.hsforms.com fast.wistia.net *.doubleclick.net; script-src-elem 'self' 'unsafe-inline' *.adroll.com *.sequel.io *.sequelvideo.com *.g2.com *.uikit.inkeep.com *.management.inkeep.com *.inkeep.com *.unpkg.com unpkg.com bat.bing.com *.chilipiper.com *.googleadservices.com *.google.com *.youtube.com *.clarity.ms *.googletagmanager.com *.auth0.com *.metarouter.io *.calibermind.com *.cloudflareinsights.com *.gstatic.com 
*.jquery.com *.hsforms.net *.googleapis.com *.calibermind.com *.google-analytics.com *.doubleclick.net *.facebook.net *.driftt.com *.clearbitscripts.com *.hs-scripts.com cdnjs.cloudflare.com *.licdn.com *.g2crowd.com *.cdn.metadata.io *.metadata.io *.clearbit.com x.clearbitjs.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hsleadflows.net *.hubspot.com js.hs-banner.com *.wistia.com *.fast.wistia.com *.wistia.net *.reactful.com blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.unpkg.com *.sequel.io *.chilipiper.com *.auth0.com *.metarouter.io *.calibermind.com *.cloudflareinsights.com *.googletagmanager.com *.gstatic.com *.jquery.com *.hsforms.net *.googleapis.com *.calibermind.com *.google-analytics.com *.doubleclick.net *.facebook.net *.driftt.com *.clearbitscripts.com *.hs-scripts.com *.licdn.com *.g2crowd.com *.cdn.metadata.io *.metadata.io x.clearbitjs.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hsleadflows.net track.hubspot.com js.hs-banner.com *.wistia.com *.fast.wistia.com *.wistia.net *.reactful.com blob:; style-src-elem 'self' 'unsafe-inline' *.auth0.com *.sequel.io *.metarouter.io *.calibermind.com *.cloudflareinsights.com *.googletagmanager.com *.gstatic.com *.jquery.com *.hsforms.net *.googleapis.com *.calibermind.com *.google-analytics.com *.doubleclick.net *.facebook.net *.driftt.com *.clearbitscripts.com *.hs-scripts.com *.hsadspixel.net *.reactful.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.sequel.io; frame-ancestors 'self' *.calibermind.com *.sequel.io *.drifft.com fast.wistia.net *.youtube.com
X-Frame-Options
Good
sameorigin
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
microphone=(), camera=()
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
comodoca.com
digicert.com; cansignhttpexchanges=yes
letsencrypt.org
pki.goog; cansignhttpexchanges=yes
ssl.com
Wildcard CAs
pki.goog; cansignhttpexchanges=yes
ssl.com
comodoca.com
digicert.com; cansignhttpexchanges=yes
letsencrypt.org
Incident Reporting
mailto:[email protected]
Recommendations
- Consider using critical flag (flags=128) for stricter CAA enforcement
- You have authorized 5 CAs - consider limiting to only the CAs you actively use