SSL Certificate Analysis for filyou.com - Security Grade & TLS Configuration

Open Cached · just now

93/100 SECURITY SCORE

Certificate Information

Subject

CN=filyou.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

November 30, 2025

Valid Until

February 28, 2026 82 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

88:FF:D4:2F:CF:7C:F7:D6:F8:22:13:17:5A:88:A1:65:23:DB:04:B2:EB:FF:FA:C9:DB:EB:02:6E:7D:47:F4:E9

Alternative Names

5 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; img-src; media-src; +10 more

default-src 'self'; img-src 'self' data: blob: *.commoninja.com cdn.filyou-pro.com storage.googleapis.com firebasestorage.googleapis.com flagcdn.com lh3.googleusercontent.com q.stripe.com api.mapbox.com ws.colissimo.fr www.mariages.net cdn1.mariages.net cdn.commoninja.com www.facebook.com static.hotjar.com script.hotjar.com static.intercomassets.com js.intercomcdn.com uploads.intercomcdn.com downloads.intercomcdn.com img.sct.eu1.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.analytics.google.com accounts.google.com apis.google.com *.gstatic.com staticxx.facebook.com consentcdn.cookiebot.com consentcdn.cookiebot.eu consent.cookiebot.com filyou.com www.filyou.com staging-client.filyou-pro.com gtm.filyou.com *.calendly.com calendly.com; media-src 'self' data: blob: cdn.filyou-pro.com storage.googleapis.com firebasestorage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googletagmanager.com *.google-analytics.com *.analytics.google.com accounts.google.com apis.google.com *.gstatic.com ajax.googleapis.com api.mapbox.com ws.colissimo.fr plugin.filyou.tilli.fr cdn.commoninja.com js.stripe.com connect.facebook.net staticxx.facebook.com static.hotjar.com script.hotjar.com widget.intercom.io js.intercomcdn.com consent.cookiebot.com consentcdn.cookiebot.com consentcdn.cookiebot.eu gtm.filyou.com *.calendly.com calendly.com; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; worker-src 'self' blob: data:; connect-src 'self' https: wss: *.googletagmanager.com *.commoninja.com *.google-analytics.com *.analytics.google.com accounts.google.com apis.google.com api.mapbox.com events.mapbox.com api.stripe.com m.stripe.com www.facebook.com connect.facebook.net staticxx.facebook.com static.hotjar.com script.hotjar.com widget.intercom.io api-iam.intercom.io api-iam.eu.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io consent.cookiebot.com consentcdn.cookiebot.com consentcdn.cookiebot.eu filyou.com www.filyou.com staging-client.filyou-pro.com gtm.filyou.com *.calendly.com calendly.com; frame-src 'self' *.googletagmanager.com accounts.google.com accounts.youtube.com apis.google.com js.stripe.com cdn.commoninja.com www.facebook.com connect.facebook.net staticxx.facebook.com widget.intercom.io intercom-sheets.com consent.cookiebot.com consentcdn.cookiebot.com consentcdn.cookiebot.eu filyou.com www.filyou.com staging-client.filyou-pro.com gtm.filyou.com *.calendly.com calendly.com; form-action 'self' https://accounts.google.com https://www.facebook.com https://calendly.com; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

accelerometer=(), camera=(self "https://calendly.com" "https://*.calendly.com"), geolocation=(), gyroscope=(), magnetometer=(), microphone=(self "https://calendly.com" "https://*.calendly.com"), payment=(), usb=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

5 domains

filyou.com admin-secret.filyou.com www.filyou.com

Other domains in certificate

filyou-pro.com www.filyou-pro.com