92/100
SECURITY SCORE
Certificate Information
Subject
CN=docs.betterpt.com
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
December 08, 2025
Valid Until
March 08, 2026
66 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
A0:E9:94:0E:66:ED:CD:FA:4E:D6:1C:7F:42:FF:AA:53:CC:5A:57:39:BA:CA:28:F0:29:50:9F:53:80:05:9C:AA
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; connect-src; manifest-src; +11 more
default-src 'self' app.gitbook.com api.gitbook.com integrations.gitbook.com files.gitbook.com *.gitbook.com;
connect-src 'self' blob: * app.gitbook.com api.gitbook.com *.intercom.io wss://*.intercom.io uploads.intercomcdn.com uploads.intercomusercontent.com sentry.io *.sentry.io www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com translate.googleapis.com translate.google.com www.gstatic.com *.iframe.ly cdnjs.cloudflare.com cdn.jsdelivr.net *.amplitude.com cloudflareinsights.com *.googleapis.com *.cloudfunctions.net *.google.com *.firebaseio.com wss://*.firebaseio.com *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com segment-api.gitbook.com *.castle.io *.stripe.com track-eu.customer.io track.customer.io customerioforms.com eu.customerioforms.com *.api.gist.build *.cloud.gist.build api.getripe.com us.api.getripe.com;
manifest-src 'self';
script-src 'self' 'unsafe-eval' integrations.gitbook.com app.gitbook.com https://js.intercomcdn.com https://widget.intercom.io https://app.intercom.io https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://sentry.io https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://www.googletagmanager.com https://googletagmanager.com https://translate.googleapis.com https://translate.google.com https://cdn.iframe.ly https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.amplitude.com https://static.cloudflareinsights.com 'unsafe-inline' *.firebaseio.com *.gstatic.com *.google.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com segment-cdn.gitbook.com https://js.stripe.com https://checkout.stripe.com https://assets.customer.io https://code.gist.build https://customerioforms.com https://eu.customerioforms.com https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net storage.getripe.com us.storage.getripe.com *.opentok.com;
style-src 'self' 'unsafe-inline' fonts.googleapis.com app.gitbook.com translate.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com checkout.stripe.com code.gist.build;
img-src data: * blob: static.intercomassets.com *.intercomcdn.com *.intercom-mail.com *.intercom.io *.intercomusercontent.com *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-9.com www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com www.googletagmanager.com translate.google.com translate.googleapis.com www.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.hubspot.com cdn2.hubspot.net forms.hsforms.com *.stripe.com track-eu.customer.io track.customer.io https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net images.getripe.com storage.googleapis.com us.images.getripe.com us.storage.googleapis.com;
font-src app.gitbook.com * js.intercomcdn.com fonts.intercomcdn.com data: cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com assets.getripe.com;
child-src 'self' blob: www.intercom-reporting.com intercom-sheets.com www.youtube.com player.vimeo.com fast.wistia.net www.googletagmanager.com app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com;
worker-src 'self' blob:;
frame-src www.intercom-reporting.com www.googletagmanager.com * *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com *.stripe.com *.stripe.network renderer.gist.build code.gist.build;
form-action api-iam.intercom.io intercom.help forms.hsforms.com forms.hubspot.com;
media-src *.intercomcdn.com *.mux.com blob:;
frame-ancestors app.gitbook.com;
report-uri https://o1000929.ingest.sentry.io/api/5960429/security/?sentry_key=a9072c7b7a264a6e9c617a4fa5fa8ed9&sentry_environment=gitbook-x-prod&sentry_release=10.9.1507;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Recommendations
- Consider using the critical flag (flags=128) for stricter CAA enforcement
- Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- Consider adding 'issuewild' records to control wildcard certificate issuance