Open
Cached
·
just now
94/100
SECURITY SCORE
Certificate Information
Subject
CN=login.procore.com
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
December 04, 2025
Valid Until
March 04, 2026
45 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
8A:6C:E4:3E:19:FF:19:57:01:DB:76:43:26:BB:C4:F9:44:D4:09:9B:7C:02:2B:08:67:33:8A:05:5F:44:EB:7E
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Good
frame-ancestors; default-src; connect-src; +6 more
frame-ancestors 'self' app.procore.com us02.procore.com support.procore.com edgeservices.bing.com www.bing.com www.staging-bing-int.com copilot.microsoft.com microsoftonline.com sharepoint-df.com sharepoint.com sharepointonline.com spgrid.com spolabs.com spoppe.com sposites.com partner.microsoftonline.cn sharepoint.cn sharepoint.de myus.msftsptest.com my.microsoftpersonalcontentppe.com wopi.onedrive.com wopi.onedrive-tst.com outlook.office.com outlook-sdf.office.com outlook.live.com outlook-sdf.live.com outlook-tdf.live.com sdfpilot.live.com outlook.office365.us outlook.office365.com exchangelabs.live-int.com office-int.com officeapps.live-int.com officeapps.live.com *.officeapps-df.live.com *.cloud.microsoft fa000000125.resources.office.net fa000000129.resources.office.net fa000000124.resources.office.net fa000000128.resources.office.net; default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: *.omtrdc.net www.googletagmanager.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' assets.adobedtm.com *.omtrdc.net https://www.googletagmanager.com https://connect.facebook.net/ https://snap.licdn.com; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Present
fullscreen=()
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Strengthen CSP by removing 'unsafe-eval'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports