SSL Certificate Analysis for help.gyazo.com - Security Grade & TLS Configuration

Open Cached · just now

86/100 SECURITY SCORE

Certificate Information

Subject

CN=help.gyazo.com

Issuer

C=US, O=Let's Encrypt, CN=E8

Valid From

November 24, 2025

Valid Until

February 22, 2026 39 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

B0:45:CE:E7:93:E0:66:BA:08:A1:6C:C7:B1:8E:F5:D5:8D:4D:AD:A6:E1:68:3C:3E:4A:12:8A:2A:0D:97:AE:3B

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000; preload

Content-Security-Policy

Basic

connect-src; default-src; font-src; +7 more

connect-src 'self' https://storage.googleapis.com www.google-analytics.com https://o22822.ingest.sentry.io https://analytics.google.com https://*.helpfeel.com https://helpfeel.com wss://*.intercom.io https://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://cf.channel.io https://api.channel.io wss://ws.channel.io https://bs.nakanohito.jp http://cs.nakanohito.jp https://collect.ptengine.jp https://*.force.com https://stats.g.doubleclick.net https://mirror2.karte.io wss://mirror-socket2.karte.io https://forms.hubspot.com *.karte.io https://ekr.zdassets.com https://static.zdassets.com https://okage.zendesk.com;default-src 'self';font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com https://c1.sfdcstatic.com https://fonts.googleapis.com;form-action 'self' *;frame-src 'self' www.google.com www.youtube.com player.vimeo.com https://helpfeel.com https://pdfjs.helpfeel.com faq.sonysonpo.co.jp https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://fast.wistia.net https://platform.twitter.com https://social-plugins.line.me https://connect.facebook.net https://www.facebook.com https://bid.g.doubleclick.net https://service.force.com *.karte.io;img-src * data: blob:;media-src *;script-src 'self' www.google-analytics.com www.google.com www.gstatic.com maps.googleapis.com https://storage.googleapis.com/helpfeel-custom-projects/ https://custom-assets.helpfeel.com/ browser.sentry-cdn.com www.googletagmanager.com https://analytics.google.com https://helpfeel.com 'unsafe-inline' 'unsafe-inline' *.karte.io 'unsafe-eval' https://*.intercom.io https://js.intercomcdn.com https://platform.twitter.com https://d.line-scdn.net https://connect.facebook.net cdn.channel.io https://www.youtube.com https://s.ytimg.com http://www.googleadservices.com https://googleads.g.doubleclick.net http://connect.facebook.net http://s.yimg.jp http://cs.nakanohito.jp http://js.ptengine.jp https://b97.yahoo.co.jp https://static.ads-twitter.com https://analytics.twitter.com https://*.salesforceliveagent.com https://*.my.salesforce.com https://static.lightning.force.com https://*.force.com https://cache.dga.jp https://www.iyobank.co.jp https://i39.dga.jp http://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net b92.yahoo.co.jp *.sync.usonar.jp mk.desknets.com mk.chatluck.com pi.pardot.com https://static.zdassets.com https://info.stanby.com/;style-src 'self' 'unsafe-inline' https://storage.googleapis.com/helpfeel-custom-projects/ https://custom-assets.helpfeel.com/ https://fonts.googleapis.com https://*.force.com https://cache.dga.jp *.karte.io;worker-src 'self'

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

help.gyazo.com