86/100
SECURITY SCORE
Certificate Information
Subject
CN=devrev.ai
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
November 14, 2025
Valid Until
February 12, 2026
73 days remaining (90-day certificate; renewal should be automated)
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
D4:87:79:62:73:B0:F8:E7:61:0D:25:81:BC:B9:D0:47:B1:69:8C:6E:CE:40:75:50:4C:DB:7F:D4:D8:15:E1:6D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
Content-Security-Policy
Basic
default-src 'self' 'unsafe-eval' 'unsafe-inline' visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com amplitude.com *.amplitude.com devrev.ai *.devrev.ai devrev-eng *.devrev-eng.ai *.meticulous.ai *.stripe.com sanity.io *.sanity.io tally.so *.tally.so customfit.ai *.customfit.ai clarity.ms *.clarity.ms getkoala.com *.getkoala.com factors.ai *.factors.ai calendly.com *.calendly.com unpkg.com *.unpkg.com g2crowd.com *.g2crowd.com doubleclick.net *.doubleclick.net twitter.com *.twitter.com github.com *.github.com *.codesandbox.io wss://*.devrev.ai localhost:*;
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.crazyegg.com visualwebsiteoptimizer.com s3-us-west-2.amazonaws.com *.licdn.com *.redditstatic.com *.zi-scripts.com *.g2crowd.com *.cal.com cal.com *.visualwebsiteoptimizer.com amplitude.com *.amplitude.com *.meticulous.ai *.sentry-cdn.com vimeo.com *.vimeo.com 'unsafe-inline' unpkg.com *.unpkg.com doubleclick.net *.doubleclick.net www.google.com www.google-analytics.com www.googleadservices.com www.gstatic.com sanity.io *.sanity.io tally.so *.tally.so customfit.ai *.customfit.ai clarity.ms *.clarity.ms getkoala.com *.getkoala.com factors.ai *.factors.ai calendly.com *.calendly.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.ampproject.org www.googletagmanager.com *.googleapis.com .heapanalytics.com heapanalytics.com *.fides-cdn.ethyca.com *.vercel.app *.ethyca.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com devrev.ai *.devrev.ai devrev-eng *.devrev-eng.ai twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.devrev.ai localhost:*;
frame-src 'self' devrev.ai *.devrev.ai devrev-eng *.devrev-eng.ai *.googletagmanager.com *.cal.com cal.com codesandbox.io plug-platform.devrev.ai player.vimeo.com www.youtube.com twitter.com youtube-nocookie.com github.com www.google.com github.com lu.ma *.lu.ma.com *.luma.com luma.com tally.so *.tally.so calendly.com *.calendly.com *.stripe.com td.doubleclick.net twitter.com *.twitter.com;
child-src 'self' vimeo.com *.vimeo.com devrev.ai *.devrev.ai devrev-eng *.devrev-eng.ai lu.ma *.lu.ma *.luma.com luma.com tally.so *.tally.so calendly.com *.calendly.com *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com td.doubleclick.net github.com calendly.com *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.devrev.ai localhost:*;
style-src 'self' 'unsafe-inline' typekit.net *.typekit.net *.googleapis.com heapanalytics.com *.vercel.app devrev.ai *.devrev.ai devrev-eng *.devrev-eng.ai *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.devrev.ai localhost:*;
img-src * blob: data:;
media-src 'self' sanity.io *.sanity.io *.vercel-storage.com videos.ctfassets.net user-images.githubusercontent.com replicate.delivery blob: data: devrev.ai *.devrev.ai devrev-eng *.devrev-eng.ai *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.devrev.ai localhost:*;
connect-src data: *;
frame-ancestors 'self' devrev.ai *.devrev.ai devrev-eng *.devrev-eng.ai vercel.app *.vercel.app;
font-src 'self' typekit.net *.typekit.net *.devrev.ai *.gstatic.com;
worker-src 'self' *.devrev.ai blob:
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • HSTS max-age is already 63072000 seconds (two years), above the one-year minimum; what is missing is includeSubDomains (and preload, once every subdomain serves HTTPS), so subdomains remain reachable over plain HTTP
- • Tighten the CSP: remove 'unsafe-inline' and 'unsafe-eval' from script-src and default-src (nonces or hashes with 'strict-dynamic' replace them), replace the bare '*' in connect-src and img-src with explicit origins, and add object-src 'none' and base-uri 'self', both absent from the current policy
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
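The header findings above can be reproduced mechanically. The following is an added example, not the scanner's own code: it parses the Strict-Transport-Security and Content-Security-Policy values and reports the same classes of weakness. The HSTS value is the one in the report; the CSP is a constructed, abbreviated stand-in that keeps the real policy's traits ('unsafe-inline' and 'unsafe-eval' in script-src, '*' in connect-src and img-src, wildcard hosts, no object-src or base-uri).

```python
"""Audit HSTS and CSP header values against the criteria the report applies.
Added example; the inputs are constructed (HSTS copied from the report,
CSP abbreviated from it)."""

ONE_YEAR = 31536000  # seconds; also the preload-list minimum for max-age

# Constructed inputs mirroring the report above
HSTS_VALUE = "max-age=63072000"
CSP_VALUE = ("default-src 'self' 'unsafe-eval' 'unsafe-inline' devrev.ai *.devrev.ai; "
             "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.amplitude.com "
             "www.googletagmanager.com *.googleapis.com; "
             "img-src * blob: data:; connect-src data: *; "
             "frame-ancestors 'self' devrev.ai *.devrev.ai")


def parse_hsts(value):
    """Return (max_age, include_subdomains, preload). Directive names are
    case-insensitive (RFC 6797); max_age is None when absent or malformed."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = val.strip().strip('"')
    raw = directives.get("max-age")
    max_age = int(raw) if raw is not None and raw.isdigit() else None
    return max_age, "includesubdomains" in directives, "preload" in directives


def hsts_findings(value):
    """List the weaknesses in an HSTS value; empty list means it is fully set."""
    max_age, subs, preload = parse_hsts(value)
    findings = []
    if max_age is None:
        findings.append("max-age missing or malformed")
    elif max_age < ONE_YEAR:
        findings.append(f"max-age={max_age} is below one year")
    if not subs:
        findings.append("includeSubDomains missing: subdomains stay reachable over plain HTTP")
    if not preload:
        findings.append("preload missing: the first visit is unprotected until the header is seen")
    return findings


def parse_csp(policy):
    """Map directive name -> lower-cased source list. Browsers honour the first
    occurrence of a duplicated directive, so later duplicates are ignored."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), [s.lower() for s in tokens[1:]])
    return directives


def csp_findings(policy):
    """List CSP weaknesses that matter for script injection and exfiltration."""
    csp = parse_csp(policy)
    findings = []
    # script-src governs scripts; when it is absent, default-src applies instead
    script = csp.get("script-src", csp.get("default-src", []))
    for weak in ("'unsafe-inline'", "'unsafe-eval'"):
        if weak in script:
            findings.append(f"script-src allows {weak}: inline or injected scripts run")
    if "'strict-dynamic'" not in script:
        wild = [s for s in script if s.startswith("*.")]
        if wild:
            findings.append(f"script-src trusts {len(wild)} wildcard host(s)")
    if "*" in script or "data:" in script:
        findings.append("script-src permits any origin or data: URLs")
    for name in ("connect-src", "img-src"):
        if "*" in csp.get(name, csp.get("default-src", [])):
            findings.append(f"{name} is '*': any origin is reachable for exfiltration")
    if "object-src" not in csp:
        findings.append("object-src missing: plugins fall back to default-src")
    if "base-uri" not in csp:
        findings.append("base-uri missing (no fallback): an injected <base> redirects relative script URLs")
    return findings


if __name__ == "__main__":
    for line in hsts_findings(HSTS_VALUE) + csp_findings(CSP_VALUE):
        print("-", line)
```

Against the report's values the HSTS check returns only the two missing directives (max-age passes), and the CSP check flags both 'unsafe-*' keywords, the wildcard script hosts, the '*' in connect-src and img-src, and the absent object-src and base-uri.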
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: example.com. CAA 0 issue "letsencrypt.org" restricts non-wildcard issuance to Let's Encrypt (the CA that issued the current certificate); add an issuewild record to control wildcard issuance separately
- • Add an iodef record (a mailto: or https: URL) so CAs can report refused or suspicious requests; note that CAA is checked by CAs at issuance time and has no effect on certificates already issued
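To see what the "any CA can issue" finding means in practice, the following added example (not the scanner's code) evaluates CAA authorization the way an issuing CA does under RFC 8659, against a constructed in-memory zone instead of live DNS. The records and the example.com / legacy.example.org names are made up; devrev.ai is given no records to mirror the report.

```python
"""Decide whether a CA may issue for a name under RFC 8659 CAA semantics.
Added example; the zone below is constructed, not real DNS data."""
from dataclasses import dataclass

ISSUER_CRITICAL = 128  # flags bit 7 (RFC 8659 section 4.1.1)
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CAA:
    flags: int
    tag: str
    value: str  # "<issuer-domain>[; param=value ...]", or ";" meaning "no CA"


# Constructed zone data keyed by FQDN with trailing dot. devrev.ai carries no
# records, matching the report; example.com shows a configured apex.
ZONE = {
    "devrev.ai.": [],
    "example.com.": [
        CAA(0, "issue", "letsencrypt.org"),
        CAA(0, "issuewild", ";"),
        CAA(0, "iodef", "mailto:security@example.com"),
    ],
    "legacy.example.org.": [CAA(ISSUER_CRITICAL, "future-tag", "x")],
}


def zone_line(name, rec):
    """Render a record in the zone-file syntax used in the recommendation above."""
    return f'{name} CAA {rec.flags} {rec.tag} "{rec.value}"'


def relevant_caa(name, zone):
    """RFC 8659 section 3: start at the name and climb one label at a time
    toward the root; the first FQDN with a non-empty CAA RRset is the
    relevant one. An empty answer does not stop the climb."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        fqdn = ".".join(labels[i:]) + "."
        if zone.get(fqdn):
            return fqdn, zone[fqdn]
    return None, []


def issuer_domain(value):
    # The issuer domain precedes any ';'-separated parameters; a bare ";"
    # yields "" and therefore matches no CA at all.
    return value.split(";", 1)[0].strip().lower()


def may_issue(name, ca, zone):
    """True if `ca` (e.g. 'letsencrypt.org') may issue for `name`.
    A wildcard request is recognised by a leading '*.'."""
    wildcard = name.startswith("*.")
    host = name[2:] if wildcard else name
    _, records = relevant_caa(host, zone)
    if not records:
        return True  # no CAA anywhere up the tree: any CA may issue
    # An unknown property with the critical flag set forbids issuance outright.
    if any(r.flags & ISSUER_CRITICAL and r.tag not in KNOWN_TAGS for r in records):
        return False
    tag = "issue"
    if wildcard and any(r.tag == "issuewild" for r in records):
        tag = "issuewild"  # issuewild overrides issue for wildcard names only
    restricting = [r for r in records if r.tag == tag]
    if not restricting:
        return True  # e.g. only iodef present: reporting, not restriction
    return ca.lower() in {issuer_domain(r.value) for r in restricting}


def iodef_targets(name, zone):
    """Where a CA should report refused or suspicious requests for `name`."""
    _, records = relevant_caa(name, zone)
    return [r.value for r in records if r.tag == "iodef"]


if __name__ == "__main__":
    for n in ("devrev.ai", "www.example.com", "*.example.com"):
        print(n, "-> letsencrypt.org may issue:", may_issue(n, "letsencrypt.org", ZONE))
    print(zone_line("example.com.", ZONE["example.com."][0]))
```

With no records, any CA name returns True for devrev.ai; with the example.com set, subdomains inherit the apex restriction, wildcards are refused by the empty issuewild, and a critical unknown tag blocks issuance entirely. The check is what a compliant CA runs before issuing; it does not revoke anything already in the wild.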