Open
Cached
·
just now
91/100
SECURITY SCORE
Certificate Information
Subject
CN=*.data.precisely.com
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M04
Valid From
January 24, 2026
Valid Until
February 22, 2027
383 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
83:E9:11:3E:3D:27:5B:23:5B:F2:B5:F9:BB:E4:CE:86:3D:E3:DD:2A:45:39:0E:C0:D2:9E:43:C2:6A:17:9B:87
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- • TLS 1.3 is not supported (recommended)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Good
default-src; frame-src; script-src; +12 more
default-src 'self';frame-src 'self' https://*.precisely.services https://*.precisely.com https://*.userzoom.com https://www.google.com/ https://app.qualified.com/;script-src 'self' https://*.virtualearth.net https://*.google-analytics.com https://*.userzoom.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.qualified.com 'sha256-y1MzBe5Apy0TFVcQh3UwRWHPgLueILzasHjCE+DIDPM=' 'sha256-95W+KpeBYvdkLzuaEVRi6xFKqpQQilnjSxm3kq1u0WE=' 'sha256-PxvlzzcfpeEMQK0dbQ9jGqWNaCfSedlw1ssrMzwkW00=' 'sha256-bwPvtPhVraosHhkZmbL164Vt25dXu20VPffXGS97DU0=' 'sha256-KJTqY1Q6PkROX21swgMKp2T0fPNUdUo6kKmbIYcH5qo=';script-src-elem 'self' https://*.virtualearth.net https://*.google-analytics.com https://*.userzoom.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.qualified.com 'sha256-y1MzBe5Apy0TFVcQh3UwRWHPgLueILzasHjCE+DIDPM=' 'sha256-95W+KpeBYvdkLzuaEVRi6xFKqpQQilnjSxm3kq1u0WE=' 'sha256-H8s4Y0droUeKRIePlriNSLNKT6En2tRWl7ORgEng6wk=' 'sha256-PxvlzzcfpeEMQK0dbQ9jGqWNaCfSedlw1ssrMzwkW00=' 'sha256-kAswFx6JS9qRFy0xuUDlVL6+WwgzbEi1EBCvvkSID9g=' 'sha256-H7sjlj0tr2T6P5dseAYJeIxTr6kFtW3/dn722TyrGWs=' 'sha256-l07frNlJlAmQD6HxxMA4+VHqauzjzahrZLzVrThh8wQ=' 'sha256-KJTqY1Q6PkROX21swgMKp2T0fPNUdUo6kKmbIYcH5qo=';style-src 'self' 'unsafe-inline' https://*.userzoom.com;connect-src 'self' https://*.sumologic.com wss://localhost:4041 https://*.precisely.com https://*.precisely.services https://www.google-analytics.com https://*.virtualearth.net https://*.userzoom.com wss://ws.qualified.com https://*.qualified.com;img-src 'self' data: https://api.precisely.com https://*.google-analytics.com https://*.virtualearth.net https://*.userzoom.com https://js.qualified.com;media-src https://js.qualified.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Present
autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), usb=(), web-share=(), xr-spatial-tracking=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
4 domains
data.precisely.com
*.data.precisely.com
my-datamarketplace.com
*.my-datamarketplace.com
Other domains in certificate