SSL Certificate Analysis for importgenius.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=*.importgenius.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M04

Valid From

June 05, 2025

Valid Until

July 04, 2026 167 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

3E:B1:FD:EE:19:5E:53:6E:7C:9F:E4:84:B5:AB:45:5B:C8:72:38:9B:48:93:7D:7C:9E:C7:16:D2:AC:42:C4:95

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31557600

Content-Security-Policy

Basic

default-src; img-src; media-src; +9 more

default-src 'self'; img-src 'self' data: *.importgenius.cn importgenius.cn *.importgenius.com importgenius.com *.website-files.com sb.scorecardresearch.com *.youtube.com i.vimeocdn.com ssl.google-analytics.com *.google-analytics.com *.swaychat.com *.cloudfront.net cdn.ampproject.org pbs.twimg.com ws.sharethis.com l.sharethis.com *.facebook.com *.ucarecdn.com ucarecdn.com maps.googleapis.com maps.gstatic.com *.doubleclick.net *.google.com.ph *.google.com.pk i.ytimg.com *.bing.com bing.com *.clarity.ms *.calendly.com googletagmanager.com www.googletagmanager.com *.albacross.com albacross.com *.zohopublic.com zohopublic.com *.zohocdn.com zohocdn.com *.zoho.com *.lfeeder.com lfeeder.com *.customer.io customer.io images.unsplash.com zohopagesense.nimbuspop.com *.ads.linkedin.com googleadservices.com *.googleadservices.com bat.bing.net *.bat.bing.net *.cloudflare.com alb.reddit.com clearout.io ct.capterra.com *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; media-src 'self' *.importgenius.com *.google.com *.google-analytics.com cdn.prod.website-files.com ; frame-src 'self' *.zohopublic.com zohopublic.com static.zohocdn.com *.importgenius.com *.google.com *.swaychat.com *.googleapis.com www.youtube.com player.vimeo.com *.sharethis.com *.facebook.com *.firebaseio.com *.doubleclick.net recaptcha.net www.googletagmanager.com *.calendly.com calendly.com *.recaptcha.net recaptcha.net *.recurly.com recurly.com cdn.embedly.com *.schedulehero.io *.cloudflare.com *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: us-assets.i.posthog.com cdn.jsdelivr.net app.optibase.io *.website-files.com *.clarity.ms snap.licdn.com *.hotjar.com *.omappapi.com www.recaptcha.net edge.fullstory.com *.googletagmanager.com *.doubleclick.net polyfill-fastly.io *.gstatic.com cdn.ranksci.com *.importgenius.com *.importgenius.cn *.google.com ssl.google-analytics.com *.cloudfront.net *.googleapis.com firebaseio.com api.swayio.com *.firebaseio.com *.google-analytics.com www.gstatic.com *.swaychat.com *.googleadservices.com swaychat.firebaseio.com *.youtube.com s.ytimg.com cdn.ampproject.org *.sharethis.com connect.facebook.net recaptcha.net fullstory.com geocoder.api.here.com *.datadoghq-browser-agent.com *.bing.com *.zoho.com *.calendly.com *.albacross.com maillist-manage.com *.zohocdn.com zohocdn.com *.zohopublic.com zohopublic.com *.customer.io customer.io *.lfeeder.com lfeeder.com *.recurly.com recurly.com code.jquery.com cdn.pagesense.io js.usebasin.com unpkg.com cdnjs.cloudflare.com cdn.logr-ingest.com *.claydar.com assets.revenuehero.io ipinfo.io *.redditstatic.com clearout.io *.cloudflare.com *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; worker-src 'self' blob:; connect-src 'self' c.ba.contentsquare.net app.optibase.io videsigns-staging.co.uk raw.githubusercontent.com geocoder.api.here.com *.google-analytics.com *.ads.linkedin.com *.swayio.com *.importgenius.com wss://*.firebaseio.com *.swaychat.com *.googleapis.com l.sharethis.com *.ucarecdn.com ucarecdn.com *.sentry.io *.fullstory.com fullstory.com *.googletagmanager.com *.datadoghq.com analytics.google.com www.google.com google.com *.posthog.com *.clarity.ms clarity.ms salesiq.zohopublic.com wss://vts.zohopublic.com *.zohopublic.com vc.hotjar.io *.albacross.com *.doubleclick.net doubleclick.net *.recurly.com recurly.com api.omappapi.com omappapi.com *.facebook.com facebook.com wss://*.hotjar.com *.hotjar.com *.hotjar.io pagesense-collect.zoho.com get.geojs.io webflow.com api.ipify.org r.logr-ingest.com googleadservices.com *.googleadservices.com *.analytics.google.com cdn.jsdelivr.net *.claydar.com bat.bing.net app.revenuehero.io pixel-config.reddit.com clearout.io *.clearout.io *.bat.bing.net *.google.com google.com *.google.ca google.ca *.google.com.mx google.com.mx *.google.co.uk google.co.uk *.google.com.tr google.com.tr *.google.co.in google.co.in *.google.com.br google.com.br *.google.com.au google.com.au *.google.ae google.ae *.google.co.kr google.co.kr; font-src 'self' *.importgenius.com *.importgenius.cn data: cdn.prod.website-files.com *.webflow.com *.swaychat.com *.cloudfront.net fonts.gstatic.com *.googleapis.com css.zohocdn.com cdn2.importgenius.com webfonts.zoho.com static.zohocdn.com cdn.jsdelivr.net *.zohocdn.com ; style-src 'self' 'unsafe-inline' *.importgenius.com *.importgenius.cn *.website-files.com *.swaychat.com *.googleapis.com ws.sharethis.com *.google.com assets.calendly.com css.zohocdn.com *.zohocdn.com js.zohostatic.com *.zohostatic.com api.omappapi.com a.omappapi.com omappapi.com webfonts.zoho.com *.cloudflare.com cdn.jsdelivr.net ; manifest-src 'self' *.importgenius.com ; frame-ancestors 'self' *.importgenius.com ; object-src 'none';

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

importgenius.com *.importgenius.com