SSL Certificate Analysis for foxit.com - Security Grade & TLS Configuration

Open Cached · just now

85/100 SECURITY SCORE

Certificate Information

Subject

CN=*.foxit.com

Issuer

C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2

Valid From

January 16, 2025

Valid Until

February 17, 2026 28 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

BC:52:6F:D8:5D:E8:FD:7D:14:AB:2A:7A:D1:AA:B9:11:EC:2F:12:6C:1B:62:F5:30:81:3F:7D:46:44:E1:14:DA

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; img-src; script-src; +7 more

default-src https: wss: blob: 'self' 'unsafe-inline' *.demandbase.com *.foxitesign.foxit.com salesforce.foxitesign.foxit.com *.evergage.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: www.google.com *.google.com www.google-analytics.com *.google-analytics.com optimize.google.com www.googletagmanager.com *.googletagmanager.com *.stripe.com *.clarity.ms tribl.io px.ads.linkedin.com www.linkedin.com cc.swiftype.com *.bing.com images.g2crowd.com *.g2.com *.outbrain.com *.adroll.com alb.reddit.com 11145320.fls.doubleclick.net *.doubleclick.net www.facebook.com sealserver.trustwave.com i.imgur.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com *.online-metrix.net q.quora.com d.adroll.com accounts.zendesk.com hero.kingpinkton.com ct.capterra.com tracking.g2crowd.com aorta.clickagy.com googleads.g.doubleclick.net srv.stackadapt.com pixel-sync.sitescout.com id.rlcdn.com js.chilipiper.com *.gravatar.com secure.gravatar.com *.hotjar.com *.paypal.com www.google.com.hk www.google.com.tw segments.company-target.com tags.srv.stackadapt.com cdn-cookieyes.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com useruploads.vwo.io www.paypalobjects.com fonts.gstatic.com www.google.com.sg www.googleadservices.com pixel-config.reddit.com conversions-config.reddit.com *.6sc.co *.foxit.com *.g.doubleclick.net google.com *.foxitsoftware.com *.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com www.google.com *.google.com www.googletagmanager.com *.googletagmanager.com *.googleadservices.com www.google-analytics.com *.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com googleads.g.doubleclick.net static.addtoany.com platform.twitter.com pi.pardot.com static.hotjar.com *.hotjar.com script.hotjar.com bat.bing.com s.swiftypecdn.com go.foxitinfo.com widget.trustpilot.com amplify.outbrain.com tr.outbrain.com q.quora.com 11145320.fls.doubleclick.net c.sf-syn.com scout-cdn.salesloft.com static.zdassets.com api.smooch.io widget-mediator.zopim.com tracking.g2crowd.com tags.srv.stackadapt.com *.zoominfo.com *.chilipiper.com www.redditstatic.com d.adroll.mgr.consensu.org d.adroll.com s.adroll.com snap.licdn.com connect.facebook.net static.ads-twitter.com sealserver.trustwave.com *.clarity.ms tribl.io *.stripe.com m.stripe.network *.paypal.com *.checkout.visa.com *.mastercard.com *.foxitesign.foxit.com *.discovercard.com *.discover.com h.online-metrix.net www.aexp-static.com www.paypalobjects.com *.youtube.com villain.kingpinkton.com hero.kingpinkton.com unpkg.com *.cloudfront.net tags.clickagy.com js.na.chilipiper.com public.profitwell.com st.foxitsoftware.cn *.demandbase.com apis.google.com www.google.com.hk js.driftt.com t.usermaven.com *.doubleclick.net google.com.tw paapi8916.d41.co cdn-0.d41.co a.quora.com *.rlcdn.com *.d41.co *.recaptcha.net *.gstatic.com cdn.evgnet.com *.company-target.com foxit.us-6.evergage.com *.evergage.com cdn-cookieyes.com *.visualwebsiteoptimizer.com app.vwo.com *.gstatic.cn *.foxit.com *.amazon-adsystem.com www.foxit.com ipinfo.io eu1-qa.foxitesign.foxit.com pagead2.googlesyndication.com *.6sc.co 6sc.co *.terminusapp.com player.vwo.me *.cookieyes.com *.foxitsoftware.com cloudflareinsights.com *.microsoft.com; style-src 'self' 'unsafe-inline' https: www.google-analytics.com www.googletagmanager.com *.googletagmanager.com optimize.google.com *.google.com s.swiftypecdn.com fonts.googleapis.com *.cloudflare.com tags.srv.stackadapt.com *.hotjar.com *.demandbase.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com www.foxit.com app.vwo.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com ka-f.fontawesome.com script.hotjar.com *.hotjar.com *.evergage.com at.alicdn.com; object-src 'self' *.foxitsoftware.com; worker-src 'unsafe-inline' 'self' blob:; connect-src *.visualwebsiteoptimizer.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.hotjar.com *.hotjar.io *.zoominfo.com wss://ws.hotjar.com *.company-target.com www.google.com.sg *.foxitcloud.com bat.bing.com player.vwo.me *.reddit.com www.redditstatic.com *.linkedin.com *.6sc.co *.evergage.com *.foxitsoftware.com *.paypal.com *.google.com *.connectedpdf.com *.stripe.com www.g2.com *.foxit.com www.facebook.com *.clarity.ms *.cookieyes.com cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com google.com *.googleapis.com; frame-src app.vwo.com *.visualwebsiteoptimizer.com *.foxitsoftware.com td.doubleclick.net js.driftt.com s.company-target.com js.stripe.com www.sandbox.paypal.com www.recaptcha.net *.youtube.com www.foxit.com www.paypal.com na1.foxitesign.foxit.com www.google.com www.googletagmanager.com eu1-qa.foxitesign.foxit.com *.amazon-adsystem.com player.vwo.me *.stripe.com www.facebook.com *.paypal.com *.foxitcloud.com *.foxit.com *.g2.com; frame-ancestors *.foxit.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

foxit.com *.foxit.com