Security Score: 84/100
Certificate Information
Subject: CN=m.gem.com
Issuer: C=US, O=Amazon, CN=Amazon RSA 2048 M01
Valid From: October 22, 2025
Valid Until: November 20, 2026 (324 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: 54:B4:80:3D:E9:9A:68:74:1F:77:85:36:E0:5A:7D:93:9F:E9:AE:A1:F9:27:32:27:9B:7F:37:1C:B7:CD:57:3B
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (modern clients use PFS)
HTTP Security Headers
Strict-Transport-Security: Excellent
  max-age=63072000; includeSubDomains; preload
Content-Security-Policy: Good
  default-src; script-src; style-src; +12 more
  default-src 'self' https://static.zensourcer.com/scripts/ https://static.gem.com/; script-src https://cdnjs.cloudflare.com/ https://www.amcharts.com/lib/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://fullstory.com/s/ https://edge.fullstory.com/s/ https://rs.fullstory.com/ https://cdn.ravenjs.com/ https://cdn.jsdelivr.net/npm/[email protected]/ https://cdn.jsdelivr.net/npm/[email protected]/ https://cdn.jsdelivr.net/npm/[email protected]/ https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ https://analytics.gem.com/analytics.js/v1/ https://analytics.gem.com/analytics-next/bundles/ https://analytics.gem.com/next-integrations/integrations/ https://analytics.gem.com/next-integrations/actions/ https://analytics.gem.com/v1/projects/JKD3SUhVtD793LSLlVwMceRSpf5j9NOe/settings https://boards.greenhouse.io/ https://data.nuxguides.gem.com/ https://content.nuxguides.gem.com/ https://pendo-io-static.storage.googleapis.com https://pendo-static-5669404840427520.storage.googleapis.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.googletagmanager.com/ https://cdn.amplitude.com/ https://app.getmacha.com https://connect.facebook.net/en_US/sdk.js https://static.zensourcer.com/scripts/ https://static.gem.com/ 'nonce-onD6MUvSqwj1R2EaUeJCSmud-VZ0N6_YW29aBdZHJUiF-yCKefn0rf0awvf4HQ7BV4Pl5kdfk7vNtg7e02X1dA' about: 'report-sample' https://hcaptcha.com https://*.hcaptcha.com https://js.hs-scripts.com/ https://js.hs-analytics.net/ https://js.hsadspixel.net/fb.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://a.omappapi.com; style-src https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://www.amcharts.com/lib/ https://unpkg.com/ https://use.fontawesome.com/releases/ https://cdn.jsdelivr.net/npm/[email protected]/ https://data.nuxguides.gem.com/ https://content.nuxguides.gem.com/ https://pendo-static-5669404840427520.storage.googleapis.com https://www.googletagmanager.com/ https://app.getmacha.com/app/styles.css https://usercontent.zscdn.net/fonts/ https://static.zensourcer.com/scripts/ https://static.gem.com/ 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://cdnjs.cloudflare.com/; img-src 'self' https: data: blob:; font-src 'self' https://static.gem.com/ https://maxcdn.bootstrapcdn.com/ 'self' https://fonts.gstatic.com/ https://use.fontawesome.com/releases/ https://usercontent.zscdn.net/fonts/ data:; connect-src https: wss://widget-mediator.zopim.com/ https://data.nuxguides.gem.com/ https://pendo-static-5669404840427520.storage.googleapis.com http://www.testglobal.net/ data: blob: https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hire.lever.co https://*.avature.net https://boards.greenhouse.io/ https://hcaptcha.com https://*.hcaptcha.com https://bid.g.doubleclick.net/; manifest-src 'self' https://static.zensourcer.com/scripts/ https://static.gem.com/; media-src https://static.zensourcer.com/scripts/ https://static.gem.com/ https://static.zdassets.com/web_widget/; worker-src blob: https://static.zensourcer.com/scripts/ https://static.gem.com/; report-uri /api/csp_log; child-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://*.linkedin.com
X-Frame-Options: Missing (not configured)
X-Content-Type-Options: Missing (not configured)
Referrer-Policy: Missing (not configured)
Permissions-Policy: Missing (not configured)
Recommendations
- Strengthen CSP by removing 'unsafe-eval'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (any CA can issue certificates)
CAA Issues
- No CAA records configured: any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: add the CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding an 'iodef' record to receive security incident reports