SSL Certificate Analysis for contentserv.com - Security Grade & TLS Configuration

Open Cached · just now

86/100 SECURITY SCORE

Certificate Information

Subject

CN=contentserv.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

December 07, 2025

Valid Until

March 07, 2026 35 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

B7:31:D2:15:CD:6B:9C:FB:AC:A6:3C:3E:17:95:49:40:1D:DC:6F:F7:17:F9:97:53:3A:53:D0:89:E8:57:45:45

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

script-src; connect-src; img-src; +7 more

script-src 'unsafe-inline' 'unsafe-eval' https://www.contentserv.com https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspotusercontent-eu1.net https://*.hubspotusercontent-na1.net https://*.hubspotusercontent10.net https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://js-eu1.hsforms.net/forms/embed/v2.js https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://feedback-eu1.hubapi.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.facebook.net https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://*.hotjar.com https://secure.leadforensics.com https://snap.licdn.com https://px.ads.linkedin.com https://*.clarity.ms https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.algolia.net https://*.sentry-cdn.com https://*.amazonaws.com https://*.linkedin.com https://*.twitter.com https://td.doubleclick.net https://cdn.ampproject.org https://www.bugherd.com https://a.usbrowserspeed.com; connect-src https://www.contentserv.com https://*.hubapi.com https://js.hscta.net https://js-eu1.hscta.net https://*.hubspot.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://js-eu1.hsforms.net/forms/embed/v2.js https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.facebook.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://*.hotjar.com wss://ws.hotjar.com https://content.hotjar.io https://secure.leadforensics.com https://snap.licdn.com https://px.ads.linkedin.com https://*.facebook.com https://*.twitter.com https://*.clarity.ms https://*.litix.io https://*.wistia.com https://*.wistia.net https://js.sentry-cdn.com https://google.com https://*.hotjar.io https://*.google.al https://*.google.com.ar https://*.google.at https://*.google.com.au https://*.google.ba https://*.google.be https://*.google.bg https://*.google.by https://*.google.ca https://*.google.ch https://*.google.cn https://*.google.cz https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.co.in https://*.google.is https://*.google.it https://*.google.co.jp https://*.google.li https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.google.sk https://*.google.com.tr https://*.google.com.ua https://*.google.co.uk https://www.googleadservices.com https://pro.ip-api.com https://td.doubleclick.net https://cdn.ampproject.org https://www.bugherd.com wss://ws-mt1.pusher.com https://salesviewer.org https://www.salesviewer.com/t; img-src * data:; frame-src https://www.contentserv.com https://*.hubspot.com https://*.hs-sites.com https://*.hs-sites-eu1.com https://*.hubspot.net https://*.hsforms.net https://*.hsforms.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://fast.wistia.com https://fast.wistia.net https://*.facebook.com https://*.twitter.com https://www.google.com https://contentserv.jobs.personio.com; style-src 'unsafe-inline' blob: https://www.contentserv.com https://static.hsappstatic.net https://*.hubspotusercontent-eu1.net https://*.hubspotusercontent-na1.net https://*.hubspotusercontent10.net https://cdn2.hubspot.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fast.wistia.com; font-src https: data:; child-src blob: https://*.hsforms.com; media-src blob: data: https://*.wistia.com https://*.wistia.net; worker-src blob:;; upgrade-insecure-requests

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

contentserv.com