93/100
SECURITY SCORE
Certificate Information
Subject: CN=info.jumpcloud.com
Issuer: C=US, O=Google Trust Services, CN=WE1
Valid From: January 03, 2026
Valid Until: April 03, 2026 (73 days)
Public Key: ECDSA 256 bit (P-256), Adequate
Signature Algorithm: ECDSA-SHA256
SHA-256 Fingerprint: 1E:2F:C0:5D:C2:35:75:BE:DD:D7:A9:E6:75:EF:A4:15:0E:4B:C3:BE:18:AA:3D:E9:AD:64:AE:84:FD:AA:E1:74
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security: Excellent
  max-age=31536000; includeSubDomains; preload
Content-Security-Policy: Basic
  default-src; font-src; img-src; +3 more
default-src 'self' blob: https://app.qualified.com wss://ws7.qualified.com https://706-rst-100.mktoresp.com https://*.6sense.com/v3/company/details https://console.jumpcloud.com https://jump-cloud.navattic.com https://capture.navattic.com https://*.reddit.com https://www.redditstatic.com https://*.chilipiper.com wss://*.intercom.io https://*.intercom.io https://*.google.com https://bam.nr-data.net https://ct.capterra.com https://cdn.linkedin.oribi.io/partner/373868/domain/jumpcloud.com/token https://px.ads.linkedin.com https://ibc-flow.techtarget.com https://jumpcloud940.outgrow.us/ https://*.takingbackjuly.com https://optanon.blob.core.windows.net https://segmentcdn.jumpcloud.com https://c.6sc.co/ https://ipv6.6sc.co/ https://scout.salesloft.com https://www.youtube.com https://secure.adnxs.com https://xd.adobe.com https://embedwistia-a.akamaihd.net https://bat.bing.com https://api.segment.io https://*.litix.io https://calendly.com https://*.wistia.com https://*.wistia.net https://bam-cell.nr-data.net https://insight.adsrvr.org https://privacyportal.onetrust.com https://pixels.spotify.com/v1/ingest https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://js.driftt.com https://info.jumpcloud.com https://analytics.google.com/ https://cdn.segment.com https://ajax.googleapis.com https://www.facebook.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://cdn.cookielaw.org https://*.clarity.ms https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.buzzsprout.com *.split.io; font-src 'self' data: fonts.gstatic.com use.typekit.net; img-src 'self' data: blob: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: data: https://js.qualified.com https://munchkin.marketo.net https://use.typekit.net https://widget.intercom.io/widget/wgmb0rm8 https://secure.intelligent-business-7.com/ https://js.adsrvr.org/ 
https://js.intercomcdn.com https://*.chilipiper.com https://www.youtube.com https://bam.nr-data.net https://static.cloudflareinsights.com https://*.takingbackjuly.com https://cdn-assets-prod.s3.amazonaws.com https://segmentcdn.jumpcloud.com https://info.jumpcloud.com https://cdn.jsdelivr.net https://*.clarity.ms https://cloud.jumpcloud.com https://*.calendly.com https://cdn.pdst.fm https://cdn.pdst.fm https://bam-cell.nr-data.net https://pi.pardot.com https://js-agent.newrelic.com https://analytics.twitter.com https://platform.twitter.com https://grow.clearbitjs.com https://a.smtrk.net https://trk.techtarget.com https://static.ads-twitter.com https://*.wistia.net https://*.wistia.com https://js.driftt.com https://a.quora.com https://scout-cdn.salesloft.com https://www.redditstatic.com https://connect.facebook.net https://bat.bing.com https://j.6sc.co https://snap.licdn.com https://cdn.segment.com https://ajax.googleapis.com https://www.facebook.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.hotjar.com https://*.doubleclick.net https://cdn.cookielaw.org https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.buzzsprout.com https://geolocation.onetrust.com https://www.gstatic.com https://www.googleadservices.com https://dyv6f9ner1ir9.cloudfront.net/assets/js/sloader.js; style-src 'unsafe-inline' 'self' https://www.googletagmanager.com fonts.googleapis.com https://info.jumpcloud.com use.typekit.net p.typekit.net https://*.calendly.com; media-src 'self' data: blob: *;
X-Frame-Options: Excellent
  deny
X-Content-Type-Options: Good
  nosniff
Referrer-Policy: Good
  no-referrer-when-downgrade
Permissions-Policy: Present
  camera=(), geolocation=(), microphone=(), payment=(), screen-wake-lock=()
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports