Security Score: 91/100
Certificate Information
Subject: C=US, ST=Texas, L=Dallas, O=DataBank, Inc., CN=*.databank.com
Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1
Valid From: January 17, 2025
Valid Until: February 17, 2026 (33 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: F9:0C:4E:C6:54:86:12:D8:13:67:A3:C7:6D:4F:8C:94:19:D8:FF:8B:86:DF:03:53:51:F2:F1:BD:3E:4A:3F:E0
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (status, value)
Strict-Transport-Security: Present (max-age=31536000)
Content-Security-Policy: Basic (child-src; connect-src; default-src; +7 more)
child-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.hotjar.com https://*.hsforms.com https://*.sitescout.com https://www.databank.com; connect-src 'self' https://*.akamaihd.net https://*.amazonaws.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.hs-sites.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hubspot.com https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.mktoutil.com https://*.omappapi.com https://*.optimizely.com https://*.parsely.com https://*.salesloft.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://*.youtube.com https://bat.bing.com https://bat.bing.net https://maps.googleapis.com https://obseu.bmccfortress.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com wss://*.hotjar.com; default-src 'self' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://www.databank.com; font-src 'self' data: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.gstatic.com https://*.wp.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.databank.com; frame-src 'self' https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.hs-sites.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com 
https://*.hubspot.net https://*.instagram.com https://*.issuu.com https://*.marketo.com https://*.sitescout.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com/ https://*.wordpress.com https://*.wp.com https://*.youtube.com https://s-static.ak.facebook.com https://tagmanager.google.com https://www.databank.com https://www.googletagmanager.com; img-src 'self' data: https://*.adentifi.com https://*.adnxs.com https://*.adroll.com https://*.adsymptotic.com https://*.agkn.com https://*.akamaihd.net https://*.bidr.io https://*.bidswitch.net https://*.bing.com https://*.cardlytics.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://*.hubspotusercontent-na1.net https://*.instagram.com https://*.linkedin.com https://*.openx.net https://*.owneriq.net https://*.parsely.com https://*.predictiveresponse.net https://*.reson8.com https://*.rlcdn.com https://*.sitescout.com https://*.usbrowserspeed.co https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wordpress.com https://*.wp.com https://*.yahoo.com https://*.youtube.com https://amps-production.imgix.net https://bat.bing.net https://googleads.g.doubleclick.net https://img.youtube.com https://maps.googleapis.com https://obseu.bmccfortress.com https://storage.pardot.com https://www.databank.com https://www.googletagmanager.com; media-src 'self' blob: data: file: https://*.akamaihd.net https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.wistia.com/ https://www.databank.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adnxs.com/ 
https://*.adroll.com https://*.ads-twitter.com https://*.bing.com https://*.convertiv.com https://*.cookiebot.com https://*.crazyegg.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hsforms.com https://*.hsforms.net https://*.hsleadflows.net https://*.hubapi.com https://*.hubspot.com https://*.hubspot.net https://*.hubspotfeedback.com https://*.instagram.com https://*.jsdelivr.net https://*.licdn.com https://*.marketo.com https://*.marketo.net https://*.ml314.com https://*.optmnstr.com https://*.pardot.com https://*.parsely.com https://*.pixel.ad https://*.predictiveresponse.net https://*.remarketstats.com https://*.salesloft.com https://*.scriptintel.io https://*.twitter.com https://*.usbrowserspeed.com https://*.vimeo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wistia.com https://*.wp.com https://connect.facebook.net https://ml314.com https://obseu.bmccfortress.com https://tagmanager.google.com https://unpkg.com https://wistia.com https://www.clickcease.com https://www.databank.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com https://*.googleapis.com https://*.gravatar.com https://*.jsdelivr.net https://*.marketo.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.wp.com https://tagmanager.google.com https://www.databank.com; worker-src 'self' blob: data: file: filesystem: https://*.convertiv.com https://*.databank-website-develop.go-vip.net https://*.databank.com 
https://www.databank.com
X-Frame-Options: Good (SAMEORIGIN)
X-Content-Type-Options: Good (nosniff)
Referrer-Policy: Good (strict-origin-when-cross-origin)
Permissions-Policy: Present (fullscreen=*)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured; any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding an 'iodef' record to receive security incident reports