Open
Cached
·
just now
91/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=Illinois, L=Chicago, O=Jones Lang LaSalle IP, Inc., CN=www.openavm.com
Issuer
C=US, O=DigiCert Inc, CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1
Valid From
May 20, 2025
Valid Until
May 20, 2026
152 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA384
SHA-256 Fingerprint
C7:50:8F:4B:87:8D:80:AC:62:A3:F7:D1:AF:C9:5E:85:78:7E:60:B6:EC:85:13:08:B5:AA:D5:22:D6:A2:BA:36
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15768000 ; includeSubDomains
Content-Security-Policy
Good
default-src; script-src; style-src; +9 more
default-src 'self'; script-src 'self' data.pendo.io browser-intake-us3-datadoghq.com events.launchdarkly.com app.launchdarkly.com cdn.pendo.io app.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6295215484043264.storage.googleapis.com embeddable-sandbox.cdn.apollographql.com cdn.jsdelivr.net 'sha256-dPbG/8WWCeRcxSskSKoEa/4NRojkGGQbHka+CXNiyvM=' 'sha256-kMW6yGHxE+DvFaztTXEzPpCcv6NiscTCvVZynN2yTRQ=' 'sha256-jasvWQ4PvVPs8WOnAlOvoaaUsdLuv1raMm9Ichz3OTc=' 'sha256-nxJroCxVKkRniZ0Vae8ajcwP3LHX+OsWn8YOe2TDSCA=' 'sha256-5V7uebMFF9tTmAOZyctk0Fl4prr9ERGCLRYXVuouNpA=' 'sha256-hirzf05Xy03RyRElZCLeENV2okI6E03oaXXVao3TMv8=' 'sha256-P3AJGQ19wskT4XG189wPdsIiDMKTwZjb2x/4pYYK8ok=' 'sha256-0FmYGQKrTyPXkrno3R5jYAJUzMMy+rrBW6KvfkhTuqQ=' 'sha256-Nu8ySthuUY6GGASWmt0Hblg/Ok3hv3+LFzoDHnpNaks=' 'sha256-m74yrk83/czOvkdVf3se9IcQmnPLmD1+Caoz3uWPcQM=' 'sha256-//CAMc1PWcXO0SklC/MrAOv7/FW2VjiefS9GXahF9QM=' 'sha256-rSD1Q3w6+GcZCa0lB9lSTDnq+VUeL+vRoW8fB4eUopQ=' 'sha256-dWHdZhLNXbtWxcW0/5yPwIavr/FSVoWRvTIUYfm5REw=' 'sha256-76+vKRzKYns/hmmYbUta9OVMe6YuslFxWWc/uwDaDjM=' 'sha256-jPxixXgwz0YAgWBRNcShb9nb5Tu4LWgXwX8jqEd6nZ4=' 'sha256-jfAZ7XfJ47y4t4EcJclg+59axlXu932xKqTRC9KUkIc=' 'sha256-QjWjsiPMaE/smQHVX006oUyVjmITWN+dWYLKjoVidxA=' 'sha256-290oTQKpX+hT2n7L2anmJ/82b5Ltw/jYlGFz2ibEpPw=' 'sha256-NPlQz4ksd+DWpDMjGj0Eerf5uJl83G3IEDRLQ4pla/o=' 'sha256-LK0NfAqKBwSn+J/zHkuJYYrKNmeYa9RwSx6cB5iJ+dU=' 'sha256-20j3WcL/cq9Bb1jvtRZ3Eo1NIAIovziWZTzuq2rpaa4=' 'sha256-gxQt6XMcyZmbRr3WxXRG88jtTg8s9HSn2qBe3rpGyxY=' 'sha256-qNp3oVHfT8/QwcNqJjZXnUP2G5B6YhLqHAe6sS7zmOI=' 'sha256-UkDUSi8WXAQTIo5eAyx1GwmM3y5HbI+YsDw85qbPxr4=' analytics4.jll.com analytics4.jll.cn widget.numbersstation.ai preprod-ai.azara.jllt.com 'sha256-apoQPHefCNWjxbCm+HzVDOAW4CSVWhY7VylQjgOFyfk=' 'sha256-DrEMJJ29sL7vIloQzly+VUGMxKcBTMII+OfW7Y8AkG4=' 'sha256-10uztYJZm7OLYtHrFaYKCvTOAUfjM17+CoEWk5hLcc4=' 'sha256-/8wPdzX9q0NNJXyA5lzsLojXFpkeaXVxhbfkUOQaWy8=' 'sha256-/K9p2JtEqCycL2fSbEonMakkteWpAHv57x2wndLqMNo=' 'sha256-/nhm8p50KJxvwWLggwJ1OF8Xgq5W/b3iKECITLASfOg=' unpkg.com; style-src 'self' fonts.googleapis.com fonts.gstatic.com blob: 'unsafe-inline' pendo-io-static.storage.googleapis.com pendo-static-6295215484043264.storage.googleapis.com app.pendo.io cdn.jsdelivr.net; img-src 'self' data.pendo.io cdn.pendo.io browser-intake-us3-datadoghq.com data: blob: apollo-server-landing-page.cdn.apollographql.com app.pendo.io pendo-static-6295215484043264.storage.googleapis.com fastapi.tiangolo.com jllamplatformv2dev.blob.core.windows.net server.arcgisonline.com; connect-src 'self' dev-analytics.azara.jllt.com data.pendo.io pendo-static-6295215484043264.storage.googleapis.com browser-intake-us3-datadoghq.com events.launchdarkly.com app.launchdarkly.com clientstream.launchdarkly.com app.pendo.io jllamplatformv2dev.blob.core.windows.net api.feedback.us.pendo.io *.duke-energy.com:* jllpoc.oktapreview.com api-dev.jll.com api-dev.jll.cn preprodapi-ai.azara.jllt.com cdn.jsdelivr.net; report-uri /csp-report-endpoint; font-src 'self' fonts.gstatic.com; frame-src 'self' app.pendo.io portal.pendo.io sandbox.embed.apollographql.com feedback.us.pendo.io portal.feedback.us.pendo.io app.powerbi.com widget.numbersstation.ai analytics4tst.jll.com analytics4tst.jll.cn preprod-ai.azara.jllt.com *.duke-energy.com:* jllpoc.oktapreview.com *.azuredatabricks.net; worker-src 'self' blob:; child-src 'self' blob:; manifest-src 'self' apollo-server-landing-page.cdn.apollographql.com; style-src-elem 'self' cdn.jsdelivr.net 'unsafe-inline' fonts.googleapis.com fonts.googleapis.com fonts.gstatic.com adb-142236994295451.11.azuredatabricks.net;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
89 domains
cdn-spark.jllt.com
dev-spark.jllt.com
gamma.jllt.com
spark-dev.jllt.com
spark-qa.jllt.com
spark.jllt.com
stg-spark.jllt.com
analytics.azara.jllt.com
data.azara.jllt.com
dev-analytics.azara.jllt.com
dev-data.azara.jllt.com
dev-reports.azara.jllt.com
dev.spark.jllt.com
preprod-analytics.azara.jllt.com
preprod-data.azara.jllt.com
preprod-reports.azara.jllt.com
preprod.azara.jllt.com
reports.azara.jllt.com
stg.spark.jllt.com
230congress.com
www.230congress.com
260franklinstreet.com
www.260franklinstreet.com
site.atginc.com
bigredrooster.com
dev.bigredrooster.com
stg.bigredrooster.com
www.bigredrooster.com
brg.com
www.brg.com
dev.jll50.com.hk
jll50.com.hk
stg.jll50.com.hk
www.jll50.com.hk
aztest-ent-noc-emea.corrigo.net
aztest-pro-noc-emea.corrigo.net
ent-noc-emea.corrigo.net
pro-noc-emea.corrigo.net
api-demo.envio.systems
api-us.envio.systems
api.envio.systems
ca.envio.systems
demo.envio.systems
envio.systems
us.envio.systems
www.envio.systems
enviosystems.com
www.enviosystems.com
humanexperience.jll
eri.live.jll.com
forum.jllcab.live.jll.com
techup.live.jll.com
elblogdelosanillos.jll.es
dev.ebrochure.jll.eu
ebrochure.jll.eu
jll-emea-evohtmltopdf.jll.eu
uat.ebrochure.jll.eu
jllhub.com
lafayetteccboston.com
www.lafayetteccboston.com
lochrinquay.com
dev.logcheck.com
stg.logcheck.com
www.logcheck.com
logcheckapp.com
staging.logcheckapp.com
www.logcheckapp.com
onebeaconstreet.com
www.onebeaconstreet.com
onepostofficesq.com
www.onepostofficesq.com
api.openavm.com
jlleulive.openavm.com
jlllive.openavm.com
jlluslive.openavm.com
jllvirtual.openavm.com
suburbtrends.openavm.com
uat-api.openavm.com
uat.openavm.com
www.openavm.com
pennplaceframingham.com
www.pennplaceframingham.com
powerupwithcapforce.com
presidentsplacequincy.com
www.presidentsplacequincy.com
cdn.tetris-db.com
twolibertyboston.com
www.twolibertyboston.com
welcome.jll
Other domains in certificate