SSL Certificate Analysis for hidglobal.com - Security Grade & TLS Configuration

Open Cached · just now

90/100 SECURITY SCORE

Certificate Information

Subject

CN=hidglobal.com

Issuer

C=US, O=Let's Encrypt, CN=E8

Valid From

December 03, 2025

Valid Until

March 03, 2026 50 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

D1:19:AB:50:B9:10:8F:C2:32:DB:70:0C:14:59:68:37:AE:C6:C3:E8:0D:7B:62:8C:6A:CF:0C:92:42:51:D1:2D

Alternative Names

7 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; connect-src; font-src; +7 more

default-src 'self' d30ia583fbtg8i.cloudfront.net cdn.cookielaw.org www.google-analytics.com *.hidglobal.com *.hid.gl *.mktoresp.com sentry.io www.trustradius.com *.zoominfo.com; connect-src 'self' *.6sc.co *.6sense.com *.adobe.io wss://*.adobe.io insights.algolia.io *.algolia.net *.algolianet.com bat.bing.com *.clarity.ms d30ia583fbtg8i.cloudfront.net dudodiprj2sv7.cloudfront.net cdn.cookielaw.org stats.g.doubleclick.net analytics.google.com www.google-analytics.com www.google.com pagead2.googlesyndication.com *.hidglobal.com *.interactivecalculator.com gmc.lingotek.com px.ads.linkedin.com 289-tsc-352.mktoresp.com 874-yjr-516.mktoweb.com *.omappapi.com siteintercept.qualtrics.com hidglobal.my.salesforce-sites.com www.trustradius.com p.typekit.net use.typekit.net upload.uploadcare.com js.zi-scripts.com *.zoominfo.com https://www.google-analytics.com https://www.googletagmanager.com https://metrics.hidglobal.com/; font-src 'self' maxcdn.bootstrapcdn.com d30ia583fbtg8i.cloudfront.net dudodiprj2sv7.cloudfront.net fonts.gstatic.com *.interactivecalculator.com www.trustradius.com use.typekit.net p.typekit.net; frame-src 'self' documentcloud.adobe.com bugcrowd.com d30ia583fbtg8i.cloudfront.net bid.g.doubleclick.net hidglobal-communities.force.com hidglobal.force.com hidglobal.secure.force.com *.visual.force.com hidglobal.formstack.com www.google.com www.google-analytics.com www.googletagmanager.com indd.adobe.com info.hidglobal.com *.interactivecalculator.com html5-player.libsyn.com 874-yjr-516.mktoweb.com hid-mobile.netlify.app hid-mobile-access-cn.netlify.app hid-mobile-access-fr.netlify.app hid-mobile-access-jp.netlify.app hid-mobile-access-kr.netlify.app *.my.salesforce.com hidglobal.my.salesforce.com hidglobal.my.salesforce-sites.com hidglobal.my.site.com sketchfab.com open.spotify.com cdn.thinglink.me www.trustradius.com player.vimeo.com; img-src 'self' data: *.6sc.co assets.adoberesources.net s3.amazonaws.com bat.bing.com ct.capterra.com *.clarity.ms d30ia583fbtg8i.cloudfront.net cdn.cookielaw.org stats.g.doubleclick.net www.facebook.com www.google.com tagmanager.google.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com lh3.googleusercontent.com ssl.gstatic.com www.gstatic.com *.hid.gl *.hidglobal.com hidglobal.com www.hidglobal.cn *.interactivecalculator.com gmc.lingotek.com px.ads.linkedin.com 874-yjr-516.mktoweb.com *.omappapi.com wec-assets.terminus.services cdn.thinglink.me media.trustradius.com www.trustradius.com ucarecdn.com i.vimeocdn.com i.ytimg.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' *.6sc.co documentcloud.adobe.com assets.adoberesources.net bat.bing.com sjs.bizographics.com bugcrowd.com assets.bugcrowdusercontent.com www.clarity.ms d30ia583fbtg8i.cloudfront.net cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.com connect.facebook.net apis.google.com www.google.com tagmanager.google.com www.googleadservices.com www.google-analytics.com ajax.googleapis.com www.googleapis.com www.googletagmanager.com www.gstatic.com *.hidglobal.com info.hidglobal.com *.interactivecalculator.com https://cdn.jsdelivr.net snap.licdn.com px.ads.linkedin.com www.linkedin.com munchkin.marketo.net 874-yjr-516.mktoweb.com *.omappapi.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com hidglobal.my.salesforce-sites.com vidassets.terminus.services wec-assets.terminus.services www.thinglink.com cdn.thinglink.me www.trustradius.com ucarecdn.com js.zi-scripts.com *.zoominfo.com gmc.lingotek.com https://cdnjs.cloudflare.com https://d3js.org https://embed.interactivecalculator.com https://metrics.hidglobal.com/; script-src-elem 'self' 'unsafe-inline' *.6sc.co documentcloud.adobe.com assets.adoberesources.net bat.bing.com sjs.bizographics.com bugcrowd.com assets.bugcrowdusercontent.com www.clarity.ms d30ia583fbtg8i.cloudfront.net cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.com connect.facebook.net apis.google.com www.google.com tagmanager.google.com www.googleadservices.com www.google-analytics.com ajax.googleapis.com www.googleapis.com www.googletagmanager.com www.gstatic.com *.hidglobal.com info.hidglobal.com *.interactivecalculator.com https://cdn.jsdelivr.net snap.licdn.com px.ads.linkedin.com www.linkedin.com munchkin.marketo.net 874-yjr-516.mktoweb.com *.omappapi.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com hidglobal.my.salesforce-sites.com vidassets.terminus.services wec-assets.terminus.services www.thinglink.com cdn.thinglink.me www.trustradius.com ucarecdn.com js.zi-scripts.com *.zoominfo.com gmc.lingotek.com https://cdnjs.cloudflare.com https://d3js.org https://embed.interactivecalculator.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com d30ia583fbtg8i.cloudfront.net tagmanager.google.com fonts.googleapis.com info.hidglobal.com *.interactivecalculator.com 874-yjr-516.mktoweb.com *.omappapi.com hidglobal.my.salesforce-sites.com cdn.thinglink.me www.trustradius.com p.typekit.net use.typekit.net gmc.lingotek.com https://cdnjs.cloudflare.com https://use.typekit.net; form-action 'self' d30ia583fbtg8i.cloudfront.net *.ddev.site www.google-analytics.com *.hid.gl *.hidglobal.com info.hidglobal.com *.interactivecalculator.com *.mktoresp.com 874-yjr-516.mktoweb.com hidglobal.qualtrics.com webto.salesforce.com sentry.io www.trustradius.com; frame-ancestors 'self' hidglobal.com www.hidglobal.com

X-Frame-Options

Present

ALLOW-FROM https://hidglobal.com

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

7 domains

hidglobal.com blog.hidglobal.com careers.hidglobal.com events.hidglobal.com newsroom.hidglobal.com support.hidglobal.com www.hidglobal.com