SSL Certificate Analysis for hackerone.com - Security Grade & TLS Configuration

Certificate Information

Subject

UNKNOWN={:asn1_OPENTYPE, <<19, 2, 85, 83>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 8, 68, 101, 108, 97, 119, 97, 114, 101>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN=5308693, C=US, ST=California, L=San Francisco, O=HackerOne Inc., CN=hackerone.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert EV RSA CA G2

Valid From

March 07, 2025

Valid Until

April 07, 2026 75 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

0A:6C:86:94:D4:35:92:FD:AF:80:97:A4:73:D6:6E:F8:67:6F:CA:F5:B3:71:0E:F4:12:E2:0C:A2:5E:65:39:C0

Alternative Names

4 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; connect-src; font-src; +9 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

digicert.com letsencrypt.org amazonaws.com

Incident Reporting

mailto:[email protected]

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

4 domains

hackerone.com api.hackerone.com docs.hackerone.com www.hackerone.com