SSL Certificate Analysis for cdn.stitcherads.com - Security Grade & TLS Configuration

Open Cached · just now

84/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 22

Amazon CloudFront

Gravatar

Let's Encrypt

Adobe Fonts (Typekit)

Adobe Marketo

Algolia

AppNexus (Xandr)

BootstrapCDN

Cookiebot

DebugBear

Facebook

Google AdSense

Google Analytics

Google Conversion Tracking

Google Fonts

Google Tag Manager

jsDelivr

Liveramp

OneTrust

The Trade Desk

ZoomInfo

Certificate Information

Subject

CN=s4-san.cloudinary.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 07, 2026

Valid Until

April 07, 2026 50 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

16:FF:37:DD:67:75:BB:DE:9F:34:24:63:CE:8F:5E:C7:14:4E:8B:8C:1A:F0:8C:FB:CC:68:26:F0:77:31:92:6A

Alternative Names

74 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

default-src; script-src; script-src-elem; +9 more

default-src 'self' *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com *.googletagmanager.com www.google-analytics.com *.google.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com *.6sc.co ml314.com tags.srv.stackadapt.com *.convertexperiments.com *.infinigrow.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com; script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com code.jquery.com cdn.jsdelivr.net cdn.cr-proxy.com stackpath.bootstrapcdn.com *.googletagmanager.com www.google-analytics.com *.google.com cdn.omniconvert.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com ml314.com *.6sc.co bat.bing.com static.ads-twitter.com www.clarity.ms tags.srv.stackadapt.com app.omniconvert.com web.omniconvert.com *.convertexperiments.com *.infinigrow.com ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net cdnjs.cloudflare.com cdn.debugbear.com cdn.cookielaw.org *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com tracking-api.g2.com *.adroll.com app.convert.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org *.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com *.typekit.net unpkg.com cdnjs.cloudflare.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com cdn.jsdelivr.net cdn.cookielaw.org; img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com pagead2.googlesyndication.com cm.g.doubleclick.net www.google.co.uk www.google.de www.google.hr www.google.co.il segments.company-target.com ps.eyeota.net googleads.g.doubleclick.net secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com cldmo.mo.cloudinary.net *.googletagmanager.com *.fastcdn.co *.instapage.com px4.ads.linkedin.com alb.reddit.com *.crazyegg.com *.mozilla.org *.imagecon.com script.mocky.com b.6sc.co bat.bing.com t.co analytics.twitter.com *.clarity.ms *.convertexperiments.com *.bing.com cdn.cookielaw.org dimensions-art.cloudinary.net n902wcigxi.execute-api.us-east-1.amazonaws.com *.adroll.com p28416.itm.cloud.com p118600.itm.cloud.com ml314.com x.bidswitch.net pixel.tapad.com dsum-sec.casalemedia.com sync.outbrain.com idsync.rlcdn.com pixel.rubiconproject.com image2.pubmatic.com us-u.openx.net sync.taboola.com eb2.3lift.com ib.adnxs.com *.reson8.com secure.adnxs.com dpm.demdex.net i.liadm.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net bat.bing.com t.co analytics.twitter.com *.wp.com cdn.cookielaw.org; connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com pagead2.googlesyndication.com *.doubleclick.net api.lever.co api.cr-proxy.com *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app *.instapage.com *.instapagemetrics.com *.crazyegg.com script.mocky.com mocky.com *.google.com secure.adnxs.com c.6sc.co ipv6.6sc.co *.clarity.ms bat.bing.com tags.srv.stackadapt.com app.omniconvert.com *.convertexperiments.com *.metrics.convertexperiments.com logs.convertexperiments.com *.linkedin.com *.cookiebot.com *.infinigrow.com data.debugbear.com cdn.cookielaw.org epsilon.6sense.com *.6sc.co *.onetrust.com js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com tracking-api.g2.com n902wcigxi.execute-api.us-east-1.amazonaws.com *.algolia.net dss6ntp5q2r0o.cloudfront.net *.adroll.com cdn.jsdelivr.net; media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src stackblitz.com demo.arcade.software *.googletagmanager.com *.doubleclick.net *.productboard.com *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com cloudinary.com *.youtube.com *.driftt.com *.crazyegg.com *.wp.com p28416.itm.cloud.com p118600.itm.cloud.com app.convert.com; object-src 'none'

X-Frame-Options

Good

sameorigin

X-Content-Type-Options

Present

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

74 domains

cdn.stitcherads.com

Other domains in certificate

c-cdn-stg.assets.air-closet.com

media.airportsafetystore.com

images.alko.fi

community-files.ama-assn.org

cdn.apartmenttherapy.info

img.avery.com

img-stg.benefitcosmetics.com

media.bergdorfgoodman.com

media2.bulgari.com

static.choisir.com

adacpresse-res.cloudinary.com s4-san.cloudinary.com

ak-assets.cloudinary.us papish.cloudinary.us

images.discerningassets.com

images.dynamicyield.com

images.enervee.com

v-c-test.etsystatic.com v-c.etsystatic.com

media.firstbusiness.bank

media.firstbusiness.com

images.framesdirect.com

images.goodalemillerteam.com

images.grandsierraresort.com

media.hashtagopen.com

images.hdsupplysolutions.com

media.horchow.com

assets.minbutik.ica.se

assets.icanet.se

media.intostudy.com

cdn-images.italist.com

media.jungfrau.ch

images.lanouvellerepublique.fr

media.lastcall.com

images.lifeworks.com

images.lukiegames.com

img.made.com

medias.maisonsdumonde.com

images.marmonlink.com

media.masterplan.com

images.medicanimal.com

images.meinbge.de

images.milkandmore.co.uk

assets.mspcdn.net

media.neimanmarcus.com

resident360files.nejm.org

assets.nintendo.com

marketing-assets.nintendo.eu

images.nycgo.com

photos.production.onxmaps.com

media.parkingblock.com

images.pet-supermarket.co.uk

assets.petco.com

images.pickles.com.au

images.pingidentity.com

media.placester.com

cloudinary.propane.com

images.qiigo.com

vcmp-hotels.sabre.com

assets.snapchance.no

images.sofology.co.uk

resources.sonyliv.com

images.steelcase.com

images.stylight.net

cdn-cd.thg.dk

nonprod.assets.tmecosys.com

media.trafficcones.com

media.trafficsafetystore.com

media.ucpa.com

assets.vercel.com

imageedit.walsworthyearbooks.com

c.yell.com

images.cdn.yle.fi