SSL Certificate Analysis for insidetracker.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=Massachusetts, L=Cambridge, O=Segterra, Inc., CN=*.insidetracker.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1

Valid From

July 25, 2025

Valid Until

July 07, 2026 174 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

8D:D8:DB:CB:52:AF:10:AB:4C:3E:A4:36:99:6B:8F:10:9D:F2:8D:99:76:CA:EB:00:3A:52:D9:75:74:52:4D:16

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000 ; includeSubDomains

Content-Security-Policy

Basic

base-uri; script-src; upgrade-insecure-requests; +1 more

base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com https://www.upsellit.com https://dx.mountain.com https://px.mountain.com https://cdn.mxpnl.com https://connect.facebook.net https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://s.ntv.io https://jadserve.postrelease.com https://code.jquery.com https://netdna.bootstrapcdn.com https://shareasaleanalytics.com https://d3js.org https://js.braintreegateway.com https://netdna.bootstrapcdn.com https://cdn.optimizely.com https://cdn.optimizely.com https://cdn.walkme.com https://platform.twitter.com https://cdn.pdst.fm https://utt.impactcdn.com https://static.criteo.net https://edge.fullstory.com https://www.recaptcha.net https://js.hs-scripts.com https://static.criteo.net https://utt.impactcdn.com https://sslwidget.criteo.com https://sslwidget.criteo.com https://www.gstatic.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.usemessages.com https://js.hs-banner.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://gs.mountain.com/gs https://match.sharethrough.com https://maps.googleapis.com https://www.google.com https://sdk.postscript.io https://insidetracker3e41a.referralrock.com https://youtube.com https://www.youtube.com https://www.redditstatic.com https://api.gorgias.work https://storage.googleapis.com https://us-east1-898b.gorgias.chat https://assets.gorgias.chat https://config.gorgias.io https://config.gorgias.chat https://*.upsellit.com https://cdn.entail-insights.com https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com https://a.quora.com https://cdn.amplitude.com https://widget.surveymonkey.com https://api.surveymonkey.com https://surveymonkey.com https://*.upsellit.com https://ajax.googleapis.com https://cdn.iframe.ly https://widget.trustpilot.com https://js.hsforms.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; upgrade-insecure-requests; frame-ancestors 'self' https://builder.io

X-Frame-Options

Present

allow-from https://builder.io

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

geolocation=(), camera=(), microphone=()

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

insidetracker.com *.insidetracker.com