SSL Certificate Analysis for console.foxpass.com - Security Grade & TLS Configuration

Open Cached · just now

92/100 SECURITY SCORE

Certificate Information

Subject

CN=console.foxpass.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M02

Valid From

May 02, 2025

Valid Until

May 31, 2026 129 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

0A:76:19:C9:F5:6A:4D:BC:D2:04:75:19:C2:2D:D0:BB:5D:B4:74:6B:0C:DA:63:BC:80:F7:D5:FC:5B:3B:49:0E

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=30; includeSubDomains; preload

Content-Security-Policy

Strong

img-src; frame-src; connect-src; +5 more

img-src 'self' data: blob: http://www.w3.org/ https://www.google.com/pagead/1p-user-list/959924834/ https://*.stripe.com https://secure.gravatar.com/ https://static.foxpass.com/; frame-src 'self' https://www.google.com/ https://js.stripe.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://connect-js.stripe.com https://player.vimeo.com https://consent.api.osano.com https://tattle.api.osano.com https://cmp.osano.com https://disclosure.api.osano.com; connect-src 'self' blob: https://api.rollbar.com/ https://api.pagerduty.com/ https://api-js.mixpanel.com https://js.stripe.com/ https://api.stripe.com https://consent.api.osano.com https://tattle.api.osano.com https://cmp.osano.com https://disclosure.api.osano.com https://static.foxpass.com/; font-src 'self' data: http://fonts.googleapis.com/ http://fonts.gstatic.com/ https://static.foxpass.com/; script-src 'self' blob: http://ajax.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net/npm/chart.js https://cdnjs.cloudflare.com/ https://js.stripe.com/ https://www.googletagmanager.com/ https://cdn.rollbar.com/ https://cdn.mxpnl.com/ https://connect-js.stripe.com https://consent.api.osano.com https://tattle.api.osano.com https://cmp.osano.com https://disclosure.api.osano.com https://cdn.rudderstack.com https://cdn.rudderlabs.com https://static.foxpass.com/ 'nonce-NHH6CmOBEsy8EFoK'; style-src 'self' http://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ 'sha256-BcGWJjc4FM5VkuFlKUjcteEY6rjRdVAMy/fOHaLnGug=' 'sha256-BQ5eA/mw6jES31KSfh/A55TC7nzftLBWpZBzzDfwUrA=' 'sha256-5Ta6mBV6fsZXyKvk4yc7DKMwI9FICEZHWD4Ww7CxGdc=' 'sha256-WZ567ntT3BKIFaeoTtOOEdkkOJR5UidQJ809ufOE0zk=' 'sha256-nK6A3vwzvwoN92MnHZrWtylYkYmW1jCQgTqWKQJNBMI=' 'sha256-F+21FF3QOEHS5CNuMQEs3Q+LB0uULZF9DODEYnH/mMQ=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ep3WiQO1GHfrJ7+LKahbcrPKEbkY1aVH2y8HYhmaIt4=' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk=' https://consent.api.osano.com https://tattle.api.osano.com https://cmp.osano.com https://disclosure.api.osano.com https://static.foxpass.com/ 'nonce-NHH6CmOBEsy8EFoK'; default-src 'self'; report-uri /settings/csp_report/

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

console.foxpass.com