SSL Certificate Analysis for eftsure.com - Security Grade & TLS Configuration

Open Cached · just now

86/100 SECURITY SCORE

Certificate Information

Subject

CN=eftsure.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 15, 2025

Valid Until

March 15, 2026 39 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D0:07:18:E8:EA:B0:83:BA:7A:71:36:B4:5E:E5:9F:5F:2A:50:7A:7D:69:D1:65:E5:8F:C8:97:00:A9:62:7C:94

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000

Content-Security-Policy

Basic

default-src; frame-src; script-src; +7 more

default-src 'self' blob: *.sentry-cdn.com *.chilipiper.com *.hsappstatic.net *.clearbitscripts.com https://www.eftsure.com https://eftsure.vercel.app https://eftsure-develop.vercel.app *.vercel-analytics.com *.algolia.net *.algolianet.com *.algolia.io *.doubleclick.net *.google-analytics.com *.analytics.google.com www.google.com *.clarity.ms analytics.tiktok.com js.intercomcdn.com tagmanager.google.com use.typekit.net p.typekit.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.wistia.com *.litix.io www.facebook.com *.hsforms.net *.hsforms.com *.posthog.com https://www.google.com.au https://analytics.google.com https://px.ads.linkedin.com https://analytics.ahrefs.com *.reddit.com https://www.redditstatic.com https://cdn.dreamdata.cloud https://ws.zoominfo.com https://api.hubapi.com https://d.adroll.com *.hubspot.com https://forms.hscollectedforms.net https://www.googleadservices.com https://google.com https://x.clearbitjs.com https://app.clearbit.com *.osano.com tracking-api.g2.com; frame-src 'self' *.algolia.net optimize.google.com *.google.com/recaptcha www.gstatic.com www.google.com googletagmanager.com www.googletagmanager.com googleanalytics.com google-analytics.com googleoptimize.com *.youtube.com *.doubleclick.net www.facebook.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://eftsure.vercel.app https://eftsure-develop.vercel.app https://www.eftsure.com *.wistia.com https://vercel.live https://x.adroll.com https://forms.hsforms.com *.chilipiper.com; script-src 'self' *.hsappstatic.net *.clearbitscripts.com *.google.com/recaptcha *.gstatic.com *.youtube.com cdnjs.cloudflare.com ajax.googleapis.com *.formstack.com *.algolia.net *.doubleclick.net widget.intercom.io js.intercomcdn.com optimize.google.com www.googleoptimize.com connect.facebook.net www.clarity.ms js.adsrvr.org/up_loader.1.1.0.js sc-static.net/scevent.min.js static.ads-twitter.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com *.vercel.app analytics.tiktok.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.hotjar.com 'unsafe-inline' 'unsafe-eval' https://eftsure.vercel.app https://eftsure-develop.vercel.app https://www.eftsure.com *.wistia.com *.sentry-cdn.com *.hsforms.net *.vercel-scripts.com *.posthog.com https://vercel.live https://snap.licdn.com https://bat.bing.com https://www.redditstatic.com https://ws.zoominfo.com https://cdn.dreamdata.cloud https://analytics.ahrefs.com https://www.googleadservices.com https://reveal.clearbit.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hubspot.com https://js.hs-banner.com https://d.adroll.com *.chilipiper.com https://x.clearbitjs.com https://app.clearbit.com *.optimizely.com *.hs-scripts.com *.adroll.com *.osano.com tracking-api.g2.com; worker-src 'self' blob:; style-src 'self' use.typekit.net p.typekit.net *.vercel.app optimize.google.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' https://eftsure.vercel.app https://eftsure-develop.vercel.app https://www.eftsure.com; img-src 'self' https: data: https://eftsure.vercel.app https://eftsure-develop.vercel.app https://www.eftsure.com *.wistia.com; font-src 'self' fonts.intercomcdn.com fonts.gstatic.com use.typekit.net data: https://eftsure.vercel.app https://eftsure-develop.vercel.app https://www.eftsure.com *.wistia.com; frame-ancestors 'self' https://www.eftsure.com https://eftsure.vercel.app https://eftsure-develop.vercel.app *.cms.optimizely.com; base-uri 'self'; form-action 'self' https://www.facebook.com https://forms.hsforms.com;

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

eftsure.com