Open
Cached
·
just now
96/100
SECURITY SCORE
Certificate Information
Subject
CN=kinde.com
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M02
Valid From
September 10, 2025
Valid Until
October 09, 2026
285 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
6B:BF:FE:36:EB:C1:C9:AB:13:51:B4:FB:55:5B:24:A9:7E:D7:BC:11:07:FF:C7:80:F8:D8:DC:61:60:87:69:03
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Strong
default-src; style-src; frame-src; +8 more
default-src 'self'; style-src 'self' 'nonce-2726c7f26c' 'sha256-vGQdhYJbTuF+M8iCn1IZCHpdkiICocWHDq4qnQF4Rjw=' 'sha256-8qEhmST1jQ//Me8YVaAqxbG9KN48WNYMJUNAtXdo33Q=' 'sha256-lYPgVeO0CacLwwUB4DyR9jnHyogvo7NBwUv0zXx/qBY=' 'sha256-ajb73K2FmsthdzBdwiFYRervmxrEKjUJWlc/vD+jAQQ=' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'sha256-MozwJwoYjDuUKRhfcU/vx3W0cl/Xz4siRT0dnx5HeF8=' 'sha256-tBwCaQJ1g8HbEIsJixeYrA7ZWGwu5xzKmLrfR3SD6NQ=' 'sha256-XhDtIBx7m70wmM5srQYmxNNICw2np34KpmBuSxnilMc='; frame-src https://www.youtube-nocookie.com https://meetings.hubspot.com https://meetings-ap1.hubspot.com https://www.googletagmanager.com https://td.doubleclick.net; child-src 'self'; connect-src 'self' ws https://www.google.com.au https://www.googleadservices.com https://api.management.inkeep.com https://api.inkeep.com wss://api.inkeep.com GNCD7Z22NL-dsn.algolia.net https://api.hsforms.com https://app.kinde.com https://px.ads.linkedin.com/attribution_trigger https://px.ads.linkedin.com/wa/ https://pixel-config.reddit.com/pixels/t2_cgoebtb1p/config https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_cgoebtb1p_telemetry https://conversions-config.reddit.com/v1/pixel/error https://tracking.g2crowd.com https://www.google.com https://pagead2.googlesyndication.com https://ads.reddit.com https://www.redditstatic.com https://tracking-api.g2.com https://z.clarity.ms/collect; base-uri 'none'; font-src 'self' https://www.redditstatic.com https://fonts.gstatic.com data:; img-src 'self' https://px4.ads.linkedin.com data: https://storage.googleapis.com https://www.googletagmanager.com https://imagedelivery.net https://customer-xcbruusbiervz265.cloudflarestream.com https://i.ytimg.com https://px.ads.linkedin.com/collect https://px.ads.linkedin.com/attribution https://t.co/1/i/adsct https://analytics.twitter.com/1/i/adsct https://alb.reddit.com https://www.linkedin.com/px/li_sync https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.au https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://google.com https://pagead2.googlesyndication.com https://www.redditstatic.com bat.bing.com https://bat.bing.com https://www.facebook.com; media-src 'self' https://customer-xcbruusbiervz265.cloudflarestream.com https://i.ytimg.com https://youtu.be/; object-src 'none'; script-src 'self' 'nonce-2726c7f26c' 'sha256-0pH+EsJOt4Kk5RSD5KerB/OjaMoxZPL+chrrxjvdC5g=' 'sha256-9/WESz4D7VeNJGmFv4PcbFrSx8lhWTEJsFPhcuNxGYU=' 'sha256-ZrHQfsFOtSBylrSmyttUsKE2leuYJU/K6YodOdkkSwg=' 'sha256-GhXCzxSFx/LwDRZBJ5h38Rysut8wOIirazFPWIeb0Ks=' 'sha256-AZjUCdKRU3uKJCGcB8fZxaNrOz7Lg0MHy1WXPWdUovs=' 'sha256-RCleB2KL8Wc6Hb6NA+mrCpnEqtbUCMIfW9rhuuuwcGM=' 'sha256-Cf6MScysqc5amRgkcUwpGxL30sEDmYXwH2WVYwWJ4e8=' 'sha256-RCleB2KL8Wc6Hb6NA+mrCpnEqtbUCMIfW9rhuuuwcGM=' 'sha256-tvrPutxALtJC72h/2bJpck5DqwVb0SsB3pPaOJ95i18=' 'sha256-HwQqIkecRaYqjwK1ir8g0f3CBwS4U2hZ51WoAw+iFGY=' 'sha256-CwZw5rPzITcMUWx9QkrZ/iR2thDR7lhhN1nshDPYlec=' 'sha256-IxSsZHC0DNgPPamehBhke+cgBxX1mo6K3qzcW5dOhc8=' 'sha256-2cgBVv9e3/IUyfXZGF2RcD0/F3Gt1tOELLkyl8zmDGY=' https://static.hsappstatic.net https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js https://www.googletagmanager.com/gtm.js'sha256-CuBBdQPM8gSaZAiBe6QkOqVpJlbD/Wi2kQuYGlG9a2A=' 'sha256-qEUmDtwRHgM4s6+fku3BFuyl45Gi6iIeRvEC/iI58Mg=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js 'sha256-nezV5umpkdq7Sh8a5/HKRENLGN5bTxfLh/mOs8KIheU=' https://tracking.g2crowd.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://googletagmanager.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.redditstatic.com 'sha256-pxFOclxNE5ptrGfrr8gQ7DGTPtFThGQW/KiK2GlGSrY=' https://bat.bing.com bat.bing.com 'sha256-b9J92pqxdE5pkFd//JR4qPyKpDWr5O9DFXUk8wa5/iA=' 'sha256-xwuqKowX80ttHMHRs7cAQcinlFITszDSeEJN91Ph30s=' 'sha256-7eS2FHY49oNHm8k0s0WoqJxviVXfmFyy3KEvEF22MfE=' 'sha256-hjx89iJfkKryKogz3L7cY7kAgfH/jJwUyynFe77rHOU=' 'sha256-EyV2xOjN+hjnCk515NbxYH6DDYiRHMjnEk+td9bdo44=' 'sha256-FhCq+O/xviWIYcrfTHJuanHBXedCHAiRwIylrq5cnZQ=' https://connect.facebook.net https://www.facebook.com 'sha256-OhKZrhPOtPoqvkT9DPrhthlZD54Fy4B8SEZXHM8RXDc=' 'sha256-DGHs3vk4Rife9v/46rC7iAXZ00BTJ2tGSKXSyYhkYdg=' 'sha256-k25bzfMTEwtJc+IaAxc3RUgmuyKzDIpQEvWHAsGTMYw=' 'sha256-p3a6G6EsS7VR/vfXBmwCf5cJHRXX0JGbidq0vXK9/Nw=' 'sha256-G6XHAy2QvGYdDSMn52U8TapnZzGcGefSykYdZp3Pp0A=' 'sha256-9BD8eLZz7DzW0tz8MBg9pV4TcnqDMVGK7+akNji4XnI=' 'sha256-CuBBdQPM8gSaZAiBe6QkOqVpJlbD/Wi2kQuYGlG9a2A=' 'sha256-2cgBVv9e3/IUyfXZGF2RcD0/F3Gt1tOELLkyl8zmDGY=' https://www.clarity.ms https://i.clarity.ms https://z.clarity.ms https://z.clarity.ms/collect
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin
Permissions-Policy
Present
geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=self, payment=()
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports