SSL Certificate Analysis for joom.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=joom.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M04

Valid From

November 23, 2025

Valid Until

December 22, 2026 342 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D2:C3:8D:ED:33:2D:73:81:31:66:9A:5B:6A:F2:0D:C4:87:50:3E:23:AA:57:83:E9:AB:DF:DD:84:85:0E:3F:74

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; child-src; media-src; +11 more

default-src blob: ;child-src blob: 'self' https://d13h4w8gjgv887.cloudfront.net;media-src blob: 'self' https://video.joomcdn.net https://*.amazonaws.com https://d13h4w8gjgv887.cloudfront.net;form-action https:;frame-src 'self' https: https://accounts.google.com/gsi/;frame-ancestors 'none';manifest-src 'self';base-uri 'none';font-src 'self' data: https://*.joomcdn.net https://*.jmtcdn.ru https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru https://accounts.google.com/gsi/style;connect-src 'self' https://api.joom.com https://api-secure.joom.one https://api.joompay.tech https://http-babylone-client-faq-api.joom.it https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://bat.bing.com https://pagead2.googlesyndication.com https://www.facebook.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net https://*.joomcdn.net https://*.jmtcdn.ru https://*.amazonaws.com https://mc.yandex.ru https://mc.yandex.com https://api-maps.yandex.ru https://yastatic.net https://*.maps.yandex.net https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://*.live-video.net https://joom-web.ey.r.appspot.com https://crowdin.com https://widget.trustpilot.com https://*.creativecdn.com https://*.dwin1.com https://top-fwz1.mail.ru https://www.wepowerconnections.com https://tr.kickbite.io https://service.nalog.ru https://*.clarity.ms https://analytics.tiktok.com https://s.kelkoogroup.net https://*.mts.ru https://www.google.com https://google.com https://pay.google.com https://*.criteo.com https://sentry.joom.it https://accounts.google.com/gsi/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://api.jmtpayments.ru;img-src 'self' data: https: blob:;script-src 'strict-dynamic' 'nonce-MC42MTY2MjY=' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: data: 'unsafe-inline' https://*.joomcdn.net https://*.jmtcdn.ru https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru https://accounts.google.com/gsi/style;report-uri https://sentry.joom.it/api/3/security/?sentry_key=b68f31beac04417da5e79086aa76f8d6

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

joom.com *.joom.com