SSL Certificate Analysis for hmhco.com - Security Grade & TLS Configuration

Open Cached · just now

79/100 SECURITY SCORE

Certificate Information

Subject

CN=imperva.com

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2026 Q1

Valid From

January 21, 2026

Valid Until

July 20, 2026 164 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

02:FB:83:95:90:B2:B0:78:D8:FD:86:69:F5:02:CA:1E:6B:5E:0B:DB:E2:83:6C:04:36:5A:6A:FF:7A:86:AB:A2

Alternative Names

96 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15768000; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

browsing-topics=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

96 domains

hmhco.com *.hmhco.com cert-staging.hmhco.com cert-waf.hmhco.com cert.hmhco.com cs41sf.hmhco.com hapi.hmhco.com na49sf.hmhco.com papi.hmhco.com prod-staging.hmhco.com *.cert.hmhco.com *.tgds.hmhco.com *.cert.ips-nonprod.hmhco.com *.cert.webnp.hmhco.com *.int.tsg.hmhco.com *.prod.ips-prod.hmhco.com

Other domains in certificate

channelone.com *.channelone.com pre.channelone.com

fandpleveledbooks.com *.fandpleveledbooks.com

demo-resources.fountasandpinnell.com digital.fountasandpinnell.com fountasandpinnell.com *.fountasandpinnell.com fpblog.fountasandpinnell.com resources.fountasandpinnell.com

analytics-cert.gogetwaggle.com analytics.gogetwaggle.com gogetwaggle.com *.gogetwaggle.com instruct-cert.gogetwaggle.com instruct.gogetwaggle.com practice-cert.gogetwaggle.com practice.gogetwaggle.com securedirectsync.gogetwaggle.com www.gogetwaggle.com

gomathacademy.com *.gomathacademy.com

authors.heinemann.com blog.heinemann.com *.cert.heinemann.com *.cert.webnp.heinemann.com *.demo.heinemann.com digital-fountasandpinnell.heinemann.com fandpleveledbooks.heinemann.com fountasandpinnell.heinemann.com fpdms.heinemann.com heinemann.com *.heinemann.com ltl.heinemann.com mosaic.heinemann.com myproducts.heinemann.com onlinepd.heinemann.com pdhandouts.heinemann.com *.prod.webpr.heinemann.com resources-fountasandpinnell.heinemann.com sample.heinemann.com searchit.heinemann.com www.heinemann.com

hmhbooks.com *.hmhbooks.com

*.ep.hmhpub.com *.hmhpub.com

*.hrw.com

imperva.com

listeningtolearn.com *.listeningtolearn.com pilot-qa.listeningtolearn.com *.pilot-qa.listeningtolearn.com pilot.listeningtolearn.com *.pilot.listeningtolearn.com

*.cert.mapnwea.org *.mapnwea.org

mathsolutions.com *.mathsolutions.com www.mathsolutions.com

*.cms.nwea.io

access.auth.nwea.org *.auth.perf.nwea.org *.cert.nwea.org *.cms-dev.nwea.org *.edr00.slkcut01.nwea.org *.nwea.org *.perf.nwea.org *.ptldor02.nwea.org *.state.nwea.org

*.nwea.us

regieroutman.com *.regieroutman.com

serravallostrategies.com *.serravallostrategies.com www.serravallostrategies.com

thinkcentral.com *.thinkcentral.com

*.unitsofstudy.com