SSL Certificate Analysis for drift.com - Security Grade & TLS Configuration

Open Cached · just now

83/100 SECURITY SCORE

Certificate Information

Subject

CN=drift.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 07, 2026

Valid Until

April 07, 2026 75 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

A4:05:93:1B:E5:2E:13:5E:53:FC:93:FF:CE:AC:58:B1:58:81:32:B7:5D:AB:DA:3F:E9:DB:B8:66:AE:A0:F1:25

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

connect-src; font-src; frame-src; +10 more

connect-src 'self' https://adservice.google.com global.ketchcdn.com *.calibermind.com *.ketchcdn.com *.ketchjs.com *.google.com *.g2crowd.com *.linkedin.com *.chilipiper.com cmstesting.salesloft.com https://munchkin.marketo.net https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.contentstack.io api.contentstack.io *.contentstack.io *.hotjar.com *.sequel.io *.salesloft.com *.adnxs.com unpkg.com *.hotjar.com *.hotjar.io *.6sc.co *.6sense.com *.marketlinc.com *.nr-data.net/ *.analytics.google.com *.marketo.com *.mktoresp.com *.doubleclick.net *.google-analytics.com/ *.googletagmanager.com/ *.pantheonsite.io/ *.cookielaw.org/ *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.litix.io *.netdna-ssl.com https://api.company-target.com/api/v2/ip.json https://api.brightfunnel.com/v1/sd https://api-iam.intercom.io/messenger/web/ping wss://nexus-websocket-a.intercom.io/ https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css https://analytics.google.com/g/collect https://cdn.linkedin.oribi.io/partner/5254305/domain/salesloft.com/token wss://wsp13.hotjar.com/api/v2/client/ws *.google.com *.googleoptimize.com *.hotjar.com *.introvoke.com *.mktoweb.com *.benchmarkseverywhere.com https://saasbenchmarks.ai/ https://live-salesloft-v2.pantheonsite.io/ https://test-salesloft-v2.pantheonsite.io/ https://images.contentstack.io https://slft-cons-preproduction.contentstackapps.com *.driftt.com *.drift.com wss://ws.hotjar.com/api/v2/client/ws; font-src 'self' data: https://fonts.gstatic.com *.netdna-ssl.com https://js.intercomcdn.com/fonts/ *.fontawesome.com *.wistia.com *.bootstrapcdn.com; frame-src 'self' *.doubleclick.net *.sequel.io *.vidyard.com *.youtube.com *.chilipiper.com *.salesloft.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://staticxx.facebook.com/ http://www2.salesloft.com *.greenhouse.io/ *.megaphone.fm *.google.com/ *.contentstack.io *.contentstack.com *.spotify.com *.twitter.com *.facebook.com *.driftt.com *.drift.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io *.googletagmanager.com; img-src 'self' https: data: blob: *.netdna-ssl.com https://ssl.gstatic.com/ *.vidyard.com; manifest-src 'self' blob:; media-src 'self' blob: *.driftt.com *.wistia.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com *.marketo.com *.netdna-ssl.com https://tagmanager.google.com/ https://fonts.googleapis.com/ *.salesloft.com *.bootstrapcdn.com *.google.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io/; worker-src blob: data: *.netdna-ssl.com *.contentstackapps.com localhost:3000 salesloft.com cmstesting.salesloft.com *.salesloft.com; base-uri 'none'; frame-ancestors 'self' *.contentstack.com; default-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline' http://pages.salesloft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://tagmanager.google.com/ 'self';

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

drift.com