SSL Certificate Analysis for go.coherent.com - Security Grade & TLS Configuration

Open Cached · just now

92/100 SECURITY SCORE

Certificate Information

Subject

CN=go.coherent.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 23, 2026

Valid Until

April 23, 2026 71 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

44:B6:6A:F3:B2:97:A4:69:BB:23:2F:1B:95:E0:5B:1A:40:65:9F:93:01:A1:5B:AE:28:E6:AF:D3:57:B9:11:F5

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

Upgrade-Insecure-Requests; default-src; connect-src; +12 more

Upgrade-Insecure-Requests; default-src 'self' https: *.hotjar.com *.hotjar.io; connect-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https: *.hotjar.com *.hotjar.io wss://*.hotjar.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net performance.typekit.net *.osano.com *.drift.com *.driftt.com *.driftcdn.com *.youtube.com *.peopleclick.com *.doubleclick.net *.zoominfo.com *.peopleclick.eu.com *.pardot.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.coherent.com *.google.com *.osano.com t.co lltrck.com; media-src 'self' blob: https: *.coherent.com; img-src 'self' data: https: *.coherent.com *.scene7.com *.ggpht.com *.ytimg.com *.google.com *.example.com *.linkedin.com *.facebook.com *.youtube.com *.google.com *.google-analytics.com *.imgix.net *.doubleclick.net *.pardot.com *.adsymptotic.com t.co; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; font-src 'self' data: https: *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.typekit.com *.hotjar.com *.hotjar.io *.gstatic.com *.google.com *.doubleclick.net *.coherent.com *.google-analytics.com *.pardot.com; object-src 'self' *.bioz.com; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' data: blob: https: *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.osano.com *.zoominfo.com *.facebook.net *.hotjar.com *.hotjar.io *.facebook.com *.linkedin.com *.searchcdn.com *.addsearch.com *.gstatic.com *.google.com *.googletagmanager.com *.driftt.com geoip-db.com *.wistia.net *.wistia.com *.googleapis.com *.coherent.com *.pardot.com *.google-analytics.com *.msecnd.net *.drift.com *.youtube.com *.licdn.com *.twitter.com *.ads-twitter.com *.googleadservices.com *.doubleclick.net *.peopleclick.com *.peopleclick.eu.com *.adsymptotic.com *.googlesyndication.com *.googletagservices.com t.co lltrck.com; style-src 'self' 'report-sample' 'unsafe-inline' blob: https: *.googleapis.com *.google.com *.google-analytics.com *.cloudfront.net *.addsearch.com *.drift.com *.coherent.com *.pardot.com *.driftt.com *.osano.com *.googletagmanager.com; form-action 'self' https: *.coherent.com *.osano.com *.drift.com *.driftt.com *.driftcdn.com *.youtube.com *.peopleclick.com *.doubleclick.net *.zoominfo.com *.peopleclick.eu.com *.pardot.com *.google-analytics.com *.google.com *.facebook.net; frame-ancestors 'self' blob: https: *.algolia.net *.algolianet.com *.coherent.com *.peopleclick.com *.peopleclick.eu.com *.algolia.net *.algolianet.com *.adobedtm.com *.adobe.com *.day.com *.scene7.com *.demdex.net cm.everesttech.net *.hotjar.com *.hotjar.io *.pardot.com *.osano.com t.co *.twitter.com *.ads-twitter.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com lltrck.com; base-uri 'self'

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

awstrust.com digicert.com letsencrypt.org ; validationmethods=http-01;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/23216805

Incident Reporting

mailto:[email protected]

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

1 domain

go.coherent.com