SSL Certificate Analysis for franforce.io - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=franforce.io

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

December 24, 2025

Valid Until

March 24, 2026 64 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

45:4A:75:D5:80:8A:77:DD:AD:52:00:2C:25:8D:E9:11:B4:31:3E:F9:5E:20:7B:6E:4D:09:AF:B8:DD:BC:54:29

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; object-src; +11 more

upgrade-insecure-requests; default-src 'self'; object-src 'self'; sandbox allow-scripts allow-same-origin allow-popups allow-forms allow-popups-to-escape-sandbox; frame-ancestors 'none'; form-action https://www.facebook.com/tr/; base-uri 'self';img-src 'self' data: https://storage.googleapis.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://px.ads.linkedin.com/ https://p.adsymptotic.com/ https://www.facebook.com/tr/ https://d.adroll.com/ https://optimize.google.com https://*.chatsupport.co https:;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-42b09594ca2e41fdb0ec4635d4c6f5d8' https://altai.click/ https://www.googleadservices.com/pagead/ https://storage.googleapis.com/clientaccess/ https://storage.googleapis.com/answerforce/ https://bat.bing.com/p/action/ https://assets.answerforce.com/common/js/ https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ https://cdn.callrail.com/ https://js.callrail.com/ https://www.google.com/ccm/https://ajax.googleapis.com/ajax/libs/jquery/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://bat.bing.com/bat.js https://rec.smartlook.com/ https://connect.facebook.net/ https://app.anywherehelp.io/ https://www.clickcease.com/monitor/stat.js https://script.tapfiliate.com/tapfiliate.js https://assets.answerforce.com/common/js/utmtracker.jshttps://s.adroll.com/ https://d.adroll.com/ https://d.adroll.mgr.consensu.org/ https://app.chatsupport.co/ https://assets.setmore.com/integration/static/setmoreIframeLive.js https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js https://maxcdn.bootstrapcdn.com/bootstrap/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/dompurify/2.2.6/purify.min.js https://signup.answerforce.com https://signup.staging.answerforce.com/ https://events-writer.smartlook.com/rec/ https://unpkg.com/[email protected]/dist/aos.js https://unpkg.com/@glidejs/[email protected]/dist/glide.js https://*.chatsupport.co https://script.tapfiliate.com/ https://g.microsoft.com/clarity/ https://*.clarity.ms/ https://*.smartlook.com https://*.smartlook.cloud https://assets-proxy.smartlook.cloud/ https://dev.visualwebsiteoptimizer.com/ https://ipinfo.io/ https://staging.webchat.voicecurve.com/ https://cdnjs.cloudflare.com/ajax/libs/Sly/1.6.1/sly.js https://ssl.google-analytics.com/ga.js https://bat.bing.com/ https://www.googleoptimize.com/ https://script.hotjar.com/ https://booking.setmore.com https://storage.googleapis.com/answerforce-resources/ https://22638.tctm.co/t.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.0/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://web-sdk.smartlook.com/ https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js https://answerforcedemo.setmore.com https://assets.setmore.com/ https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js https://unpkg.com/@fingerprintjs/[email protected]/dist/fp.min.js blob:; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://storage.googleapis.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css https://maxcdn.bootstrapcdn.com/bootstrap/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://my.setmore.com/css/setmorePopup.css https://unpkg.com/[email protected]/dist/aos.css https://optimize.google.com https://booking.setmore.com https://www.googletagmanager.com/debug/badge.css https://unpkg.com/swiper/swiper-bundle.min.css https://www.googleoptimize.com/ https://answerforcedemo.setmore.com https://assets.setmore.com/ https://assets.setmore.com/integration/websiteBooking/css/setmorePopupLive.css ;font-src 'self' https://storage.googleapis.com/ https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://use.typekit.net/af/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://fonts.googleapis.com/ ;connect-src 'self' https://altai.click/ https://www.googletagmanager.com/ https://www.google.com/ https://snap.licdn.com/ https://o151188.ingest.us.sentry.io/ https://stats.g.doubleclick.net/ https://chatsupport.co/ https://analytics.google.com/ https://region1.google-analytics.com/ https://www.google-analytics.com/ https://manager.eu.smartlook.cloud/rec/ wss://rtmserver.anywhereworks.com/ https://events-writer.smartlook.com/ https://web-writer.sg.smartlook.cloud/rec/write https://assets-proxy.smartlook.cloud/ https://script.google.com/a/anywhere.co/macros/ https://signup.staging.answerforce.com/ https://signup.answerforce.com https://bat.bing.com/actionp/ https://www.googleadservices.com/pagead/conversion/ https://widget.trustpilot.com https://*.hotjar.com/ https://*.hotjar.io/ wss://ws8.hotjar.com/ wss://*.hotjar.com/ https://web-writer.sg.smartlook.cloud/rec/ https://*.smartlook.com https://*.smartlook.cloud https://storage.googleapis.com/answerforce-resources/ https://cdn.linkedin.oribi.io/partner/30600/domain/answerforce.com/token https://adservice.google.com/pagead/ https://*.chatsupport.co https://storage.staging.answerforce.com/app https://storage.answerforce.com/app https://storage.googleapis.com/stag-fullstorage https://storage.googleapis.com/fullstorage wss://rtmserver.anywhereworks.com/ wss://stagingrtm.anywhereworks.com https://frstre.com/event/ https://o151188.ingest.sentry.io https://google.com/pagead/form-data/ https://google.com/ccm/form-data/ https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com/ https://capig.stape.ca/events/ https://g.microsoft.com/clarity/ https://*.clarity.ms/ https://cdn.callrail.com/ https://js.callrail.com/ https://www.google.com/ccm/ https://www.googleadservices.com/pagead/* ;media-src 'self' https://storage.googleapis.com/livesupport/ https://storage.googleapis.com/answerforce/ https://storage.googleapis.com/full-assets/ https://storage.googleapis.com/answerforce-resources/ https://assets.chatsupport.co/chat/sounds/new-incoming-chat.wav https://*.chatsupport.co ;frame-src 'self' https://www.googletagmanager.com/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://widget.trustpilot.com/ https://my.setmore.com/ https://vars.hotjar.com/ https://player.vimeo.com/ https://www.youtube.com/ https://optimize.google.com/ https://td.doubleclick.net/ https://booking.setmore.com https://join.answerforce.com/ https://answerforcedemo.setmore.com https://*.setmore.com ;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

franforce.io