SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Unknown Certificate Authority - the server's certificate is not trusted
Open
Cached
·
just now
83/100
SECURITY SCORE
Certificate Information
Subject
CN=go.datasite.com
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
November 19, 2025
Valid Until
February 17, 2026
31 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
E8:0E:A0:A1:6B:D5:E7:12:25:AD:F3:D6:A9:8F:A4:22:59:8D:29:EF:36:DF:85:55:6A:C3:22:E6:69:A6:6A:A8
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31534000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +10 more
default-src 'self' cdn.vidyard.com play.vidyard.com https://cdn.evergage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.adroll.com *.adsrvr.org *.clarity.ms *.clickagy.com *.cloudfront.net *.datasite.com *.dca0.com *.ensighten.com *.evergage.com *.evgnet.com *.g2.com *.googleapis.com *.gstatic.com *.hotjar.com *.tapad.com *.pendo.io *.osano.com *.reddit.com *.redditstatic.com *.salesforceliveagent.com *.storage.googleapis.com *.trustradius.com *.twimg.com *.zoominfo.com acsbapp.com ajax.aspnetcdn.com analytics.twitter.com apis.google.com assets.adobedtm.com b.sf-syn.com bat.bing.com cdn.jsdelivr.net cdn.vidyard.com cdnjs.cloudflare.com code.createjs.com connect.facebook.net contact-datasite.secure.force.com cookie-cdn.cookiepro.com ct.capterra.com d.adroll.mgr.consensu.org datasite.my.salesforce.com datasite--staging.lightning.force.com dc.services.visualstudio.com geolocation.onetrust.com go.datasite.com googleads.g.doubleclick.net http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://publish.twitter.com https://s.ytimg.com https://syndication.twitter.com/ https://tracking-api.production.g2.com https://www.youtube.com js.monitor.azure.com js.zi-scripts.com lltrck.com pi.pardot.com platform.linkedin.com platform.twitter.com play.vidyard.com s.yimg.com scout-cdn.salesloft.com secure.golp4elik.com service.force.com snap.licdn.com sp.analytics.yahoo.com ssl.pstatic.net stackpath.bootstrapcdn.com staging-contact-datasite.cs191.force.com static.ads-twitter.com static.lightning.force.com tracking.g2crowd.com use.fontawesome.com wcs.naver.net www.google.co.uk www.google.com www.googleadservices.com www.google-analytics.com zi-tag.js https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com nexus.ensighten.com tags.srv.stackadapt.com js.hsforms.net static.hsappstatic.net forms.hsforms.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net https://cdn.insight.sitefinity.com https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src 'unsafe-inline' 'self' *.cloudfront.net *.datasite.com *.ensighten.com *.evergage.com *.evgnet.com *.googleapis.com *.gstatic.com *.osano.com *.pendo.io *.storage.googleapis.com *.trustradius.com *.twimg.com *.typekit.net cdnjs.cloudflare.com contact-datasite.secure.force.com cookie-cdn.cookiepro.com https://*.googletagmanager.com kendo.cdn.telerik.com netdna.bootstrapcdn.com platform.twitter.com platform.twitter.com/css/ service.force.com stackpath.bootstrapcdn.com staging-contact-datasite.cs191.force.com tagmanager.google.com ton.twimg.com use.fontawesome.com www.google.co.uk www.google.com nexus.ensighten.com tags.srv.stackadapt.com https://cdn.insight.sitefinity.com; font-src 'self' data: *.cloudfront.net *.trustradius.com *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com tagmanager.google.com; img-src data: 'self' blob: media.datasite.com *.adroll.com *.adsrvr.org *.capterra.com *.cloudfront.net *.ensighten.com *.evergage.com *.evgnet.com *.googleapis.com *.gstatic.com *.tapad.com *.osano.com *.pendo.io *.storage.googleapis.com *.trustradius.com *.twimg.com analytics.google.com analytics.twitter.com b.sf-syn.com bat.bing.com capterra.s3.amazonaws.com cdn.vidyard.com cookie-cdn.cookiepro.com ct.capterra.com data.useranalytics.global.datasite.com googleads.g.doubleclick.net https://*.googletagmanager.com https://static.licdn.com https://syndication.twitter.com i.ytimg.com images.g2crowd.com lltrck.com ml314.com pbs.twimg.com platform.tumblr.com platform.twitter.com/css/ play.vidyard.com px.ads.linkedin.com px4.ads.linkedin.com sp.analytics.yahoo.com t.co web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com www.linkedin.com *.reddit.com *.redditstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.bidswitch.net *.doubleclick.net *.casalemedia.com *.rlcdn.com *.rubiconproject.com *.openx.net *.outbrain.com *.analytics.yahoo.com *.yahoo.com *.adnxs.com *.3lift.com *.pubmatic.com *.taboola.com *.company-target.com *.commander1.com *.im-apps.net *.rakuten.com *.socdm.com *.adition.com *.zdbb.net *.reson8.com *.demdex.net *.mathtag.com *.bluekai.com *.thrtle.com thrtle.com nexus.ensighten.com tags.srv.stackadapt.com static.hsappstatic.net forms-na1.hsforms.com qvdt3feo.com ps.eyeota.net https://cdn.insight.sitefinity.com; media-src 'self' blob: data: cdn.vidyard.com; form-action 'self' datasite.sitefinity.cloud datasite-stg.sitefinity.cloud event.on24.com gateway.on24.com go.datasite.com localhost:18080 localhost:5001 login.microsoftonline.com platform.twitter.com syndication.twitter.com webto.salesforce.com www.facebook.com; frame-src 'self' *.adroll.com *.cloudfront.net *.g2.com *.osano.com *.pendo.io *.vidyard.com *.youtube.com *.youtu.be b.sf-syn.com bid.g.doubleclick.net datainsights-cdn.dm.aws.gartner.com https://tracking-api.production.g2.com insight.adsrvr.org merrillcorp.demdex.net platform.twitter.com service.force.com syndication.twitter.com td.doubleclick.net twitter.com www.facebook.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com; frame-ancestors 'self' https://*.datasite.com; child-src 'self' blob: accounts.google.com apis.google.com badge.stumbleupon.com https://platform.twitter.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://w.soundcloud.com/ https://www.youtube.com/ https://www.youtube-nocookie.com staticxx.facebook.com web.facebook.com www.facebook.com; connect-src 'self' 'unsafe-inline' data: wss: *.acsbapp.com *.adroll.com *.analytics.google.com *.clarity.ms *.clickagy.com *.cloudfront.net *.datasite.com *.dca0.com *.ensighten.com *.evergage.com *.evgnet.com *.g2.com *.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io *.osano.com *.pendo.io *.reddit.com *.redditstatic.com *.storage.googleapis.com *.salesforce-communities.com *.trustradius.com *.tt.omtrdc.net *.zoominfo.com accounts.google.com analytics.google.com bat.bing.com cdn.linkedin.oribi.io contact-datasite.secure.force.com cookie-cdn.cookiepro.com dc.services.visualstudio.com dpm.demdex.net https://www.facebook.com geolocation.onetrust.com google.com googleads.g.doubleclick.net https://tracking-api.production.g2.com https://*.googletagmanager.com js.zi-scripts.com nam.veta.naver.com play.vidyard.com privacyportal.cookiepro.com px.ads.linkedin.com s.yimg.com scout.salesloft.com secure.adnxs.com staging-contact-datasite.cs191.force.com stats.g.doubleclick.net tagmanager.google.com tracking.g2crowd.com wcs.naver.com www.google-analytics.com nexus.ensighten.com tags.srv.stackadapt.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com static.hsappstatic.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com; object-src 'self' cdn.vidyard.com; worker-src 'self' blob: *.osano.com
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
awstrust.com
digicert.com
letsencrypt.org
; validationmethods=http-01;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/23216805
Incident Reporting
mailto:[email protected]
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • Consider adding 'issuewild' records to control wildcard certificate issuance