SSL Certificate Analysis for janitorai.com - Security Grade & TLS Configuration

Open Cached · just now

94/100 SECURITY SCORE

Certificate Information

Subject

CN=janitorai.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

December 25, 2025

Valid Until

March 25, 2026 67 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

EC:4E:A4:07:23:3A:8E:0E:C4:44:7C:83:41:A7:9F:AC:6C:C6:69:1E:50:C5:AB:94:2F:17:07:BF:1A:6D:DD:71

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=7257600

Content-Security-Policy

Basic

default-src; script-src; style-src; +7 more

default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://janitorai.com https://janitorai.com/ https://cdn.janitorai.com https://assets.janitorai.com https://assets.janitorai.com/ https://challenges.cloudflare.com/ https://static.cloudflareinsights.com/ https://cdn-cookieyes.com https://www.googletagmanager.com https://www.clarity.ms https://s.clarity.ms/collect https://securepubads.g.doubleclick.net https://organiccdn.io https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google https://cdn.ampproject.org https://pagead2.googlesyndication.com https://console.googletagservices.com https://hb-api.omnitagjs.com https://fastlane.rubiconproject.com https://g2.gumgum.com https://prod.tahoe-analytics.publishers.advertising.a2z.com https://dsp-cookie.adfarm1.adition.com https://api.organiccdn.io https://c.amazon-adsystem.com https://config.aps.amazon-adsystem.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google.com https://www.gstatic.com https://w.soundcloud.com; style-src 'self' 'unsafe-inline' https://assets.janitorai.com/ https://assets.janitorai.com https://fonts.googleapis.com https://api.organiccdn.io; img-src 'self' data: blob: https://*; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; worker-src 'self' blob: ; child-src 'self' blob: ; connect-src blob: http://ent https://auth.janitorai.com https://cdn.janitorai.com https://featureassets.org https://prodregistryv2.org https://statsigapi.net https://cloudflare-dns.com https://janitorai.com wss://janitorai.com https://ella.janitorai.com https://pics.janitorai.com https://kim.janitorai.com https://pictures.a88a0a0ec0a380338bfd981ac867c85a.r2.cloudflarestorage.com https://api.openai.com/v1/chat/completions https://challenges.cloudflare.com/ https://unpkg.com/@rive-app/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://analytics.google.com/ https://td.doubleclick.net https://live.janitorai.com wss://live.janitorai.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://s.clarity.ms/collect https://securepubads.g.doubleclick.net https://organiccdn.io https://api.organiccdn.io https://c.amazon-adsystem.com https://*.amazon-adsystem.com https://config.aps.amazon-adsystem.com https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google https://cdn.ampproject.org https://*.doubleclick.net https://googleads.g.doubleclick.net https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google.com https://www.gstatic.com https://csi.gstatic.com https://console.googletagservices.com https://hb-api.omnitagjs.com https://fastlane.rubiconproject.com https://g2.gumgum.com https://prod.tahoe-analytics.publishers.advertising.a2z.com https://dsp-cookie.adfarm1.adition.com https://rt.marphezis.com https://*.marphezis.com https://cdn-cookieyes.com https://*.cookieyes.com https://*.adnxs.com https://*.lambda-url.ap-south-1.on.aws ; frame-src https://challenges.cloudflare.com https://www.youtube.com/ https://w.soundcloud.com https://static.cloudflareinsights.com/ https://www.googletagmanager.com https://e-janitorai.widgetbot.co/channels/563783473115168788/1113301902113919006/ https://*.googlesyndication.com https://securepubads.g.doubleclick.net https://c.amazon-adsystem.com https://*.amazon-adsystem.com https://ep1.adtrafficquality.google https://ep2.adtrafficquality.google https://www.google.com https://console.googletagservices.com https://hb-api.omnitagjs.com https://fastlane.rubiconproject.com https://g2.gumgum.com https://prod.tahoe-analytics.publishers.advertising.a2z.com https://dsp-cookie.adfarm1.adition.com; media-src *

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

same-origin

Permissions-Policy

Present

accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

cloudflare.com comodoca.com digicert.com ; cansignhttpexchanges=yes letsencrypt.org pki.goog ; cansignhttpexchanges=yes sectigo.com ssl.com

Wildcard CAs

ssl.com comodoca.com digicert.com ; cansignhttpexchanges=yes letsencrypt.org pki.goog ; cansignhttpexchanges=yes

Incident Reporting

mailto:[email protected]

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• You have authorized 7 CAs - consider limiting to only the CAs you actively use

Subject Alternative Names

2 domains

janitorai.com telem.janitorai.com