Security Score: 92/100
Certificate Information
Subject: CN=envoke.com
Issuer: C=US, O=Google Trust Services, CN=WE1
Valid From: November 24, 2025
Valid Until: February 22, 2026 (55 days)
Public Key: ECDSA, 256 bit (P-256), Adequate
Signature Algorithm: ECDSA-SHA256
SHA-256 Fingerprint: CE:56:02:D5:A5:FC:0C:DE:B7:28:BB:B8:F2:65:14:3D:32:F0:2A:AE:C1:C7:6A:4C:B8:7C:96:F7:B2:CD:A7:DE
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Header (Status): Value
Strict-Transport-Security (Good): max-age=31536000; includeSubDomains
Content-Security-Policy (Basic): default-src; script-src; style-src; +10 more
default-src 'self' blob: https://cdn-ilcfdhd.nitrocdn.com/ https://nitroscripts.com/ https://*.paddle.com https://*.profitwell.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://e1.envoke.com https://engage.envoke.com/ext/embed/engagements/ https://eml.envoke.com/ext/embed/engagements/ https://tagmanager.google.com https://*.googletagmanager.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://js.intercomcdn.com https://widget.intercom.io/widget/ev9a263d https://w338l7p6z1nt.statuspage.io https://files.envoke.com/web_files/812/scripts/nvk.js https://player.vimeo.com/api/player.js https://sc.lfeeder.com/lftracker_v1_bElvO73rqp18ZMqj.js https://code.jquery.com/jquery-3.5.1.min.js https://use.fontawesome.com/ba2b83a682.js https://ct.capterra.com/capterra_tracker.js https://cdnjs.cloudflare.com/ajax/libs/ https://unpkg.com/micromodal/dist/micromodal.min.js https://unpkg.com/alpinejs https://cdn.jsdelivr.net/npm/[email protected]/dist/js/select2.min.js https://nitroscripts.com https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js https://polyfill.io https://*.googleapis.com https://*.sentry-cdn.com https://*.paddle.com https://*.profitwell.com https://js.stripe.com/v3/ blob: https://cdn-ilefnbb.nitrocdn.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://e1.envoke.com/css/nvk-content.min.css https://cdn.jsdelivr.net/npm/[email protected]/dist/css/select2.min.css https://cdn-ilcfdhd.nitrocdn.com/ https://*.paddle.com https://*.profitwell.com https://cdn-ilefnbb.nitrocdn.com/; img-src 'self' http: https: data: https://e1.envoke.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ga-audiences https://capterra.s3.amazonaws.com/assets/images/ https://assets.capterra.com https://cdn-ilcfdhd.nitrocdn.com/ https://to.getnitropack.com/ https://dna8twue3dlxq.cloudfront.net; 
connect-src 'self' https://engage.envoke.com/ext/embed/engagements/ https://*.envoke.com/form.php https://*.google.com https://*.google.ca https://*.google.co.uk https://*.google.com.au https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://stats.g.doubleclick.net https://api-iam.intercom.io/messenger/web/ wss://nexus-websocket-a.intercom.io/pubsub/ https://to.getnitropack.com/p https://*.paddle.com https://*.profitwell.com https://browser.sentry-cdn.com https://cdn-ilefnbb.nitrocdn.com/ https://to.getnitropack.com/; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://fonts.intercomcdn.com/messenger-m4/ https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/ https://cdn-ilcfdhd.nitrocdn.com/ https://cdn-ilefnbb.nitrocdn.com/; media-src 'self' https://js.intercomcdn.com; child-src 'self' blob: https://*.google.com https://td.doubleclick.net https://player.vimeo.com https://w338l7p6z1nt.statuspage.io; frame-ancestors 'self'; frame-src 'self' data: https://w338l7p6z1nt.statuspage.io https://player.vimeo.com/video/ https://maps.google.com/ https://www.google.com/ https://www.googletagmanager.com https://*.paddle.com https://*.profitwell.com https://js.stripe.com/v3/; worker-src 'self' blob: https://cdn-ilcfdhd.nitrocdn.com/ https://cdn-ilefnbb.nitrocdn.com/; report-to envoke-csp; report-uri https://envoke.report-uri.com/r/d/csp/enforce
X-Frame-Options (Excellent): DENY
X-Content-Type-Options (Good): nosniff
Referrer-Policy (Good): strict-origin-when-cross-origin
Permissions-Policy (Present): autoplay=("https://player.vimeo.com"), camera=(), display-capture=(), fullscreen=(self "https://player.vimeo.com" "https://*.vimeocdn.com"), geolocation=*, microphone=(), picture-in-picture=("https://player.vimeo.com")
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports