SSL Certificate Analysis for feedback.sleekplan.com - Security Grade & TLS Configuration

Open Cached · just now

92/100 SECURITY SCORE

Certificate Information

Subject

CN=feedback.sleekplan.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 30, 2025

Valid Until

March 30, 2026 63 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

6B:6F:D1:4C:E9:0F:07:6D:CA:30:45:5E:3B:76:0D:A7:AA:60:60:FA:FB:90:AE:18:BE:0A:72:76:34:54:E7:8E

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

default-src; child-src; connect-src; +9 more

default-src 'self' https://sleekplan.com https://*.sleekplan.com; child-src 'self' blob: https://sleekplan.com https://*.sleekplan.com *.wistia.net https://*.loom.com https://*.stripe.com https://*.useloom.com https://*.vimeo.com https://*.youtu.be https://*.youtube.com https://intercom-sheets.com https://loom.com https://recaptcha.recaptcha.net/recaptcha/ https://share.intercom.io https://useloom.com https://vimeo.com https://www.facebook.com https://www.recaptcha.net/recaptcha/ https://www.intercom-reporting.com https://youtu.be https://youtube.com; connect-src 'self' https://sleekplan.com https://*.sleekplan.com *.sleekplan.cloud unpkg.com *.unpkg.com *.wistia.com *.wistia.net https://*.hubspot.com https://*.intercom.io https://*.litix.io https://*.stripe.com https://bat.bing.com https://embedwistia-a.akamaihd.net https://heapanalytics.com https://rs.fullstory.com https://sentry.io https://stats.g.doubleclick.net https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.facebook.com https://www.google-analytics.com https://www2.profitwell.com wss://*.intercom.io; font-src * data:; form-action 'self' https://sleekplan.com https://*.sleekplan.com https://api-iam.intercom.io https://intercom.help https://www.facebook.com; img-src * data:; media-src * blob: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sleekplan.com https://*.sleekplan.com unpkg.com *.unpkg.com *.wistia.com cdn.heapanalytics.com https://*.atl-paas.net https://*.hubspot.com https://*.intercom.io https://cdn.jsdelivr.net https://*.stripe.com https://*.zdassets.com https://*.zendesk.com https://a.quora.com https://bat.bing.com https://cdnjs.cloudflare.com https://connect.facebook.net https://ct.capterra.com https://edge.fullstory.com https://g.microsoft.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.intercomcdn.com https://heapanalytics.com https://public.profitwell.com https://snap.licdn.com https://www.recaptcha.net/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://zapier.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://sleekplan.com https://*.sleekplan.com unpkg.com *.unpkg.com https://www.googletagmanager.com https://*.intercom.io https://*.intercomcdn.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://sleekplan.com https://*.sleekplan.com https://rsms.me https://maxcdn.bootstrapcdn.com https://*.atlassian.com https://*.zdassets.com https://*.zendesk.com https://cdnjs.cloudflare.com https://heapanalytics.com https://fonts.googleapis.com; report-uri https://ingest.sleekplan.com/api/6/security/csp-report

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

feedback.sleekplan.com