SSL Certificate Analysis for mail.superhuman.com - Security Grade & TLS Configuration

Open Cached · just now

88/100 SECURITY SCORE

Certificate Information

Subject

CN=mail.superhuman.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

January 11, 2026

Valid Until

April 11, 2026 84 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

30:BB:2D:E6:54:38:F2:B7:4C:CE:08:7F:E6:49:51:6A:18:EC:DF:09:A6:90:BB:F6:D7:B3:63:6B:56:3C:04:A3

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; includeSubdomains

Content-Security-Policy

Good

frame-src; manifest-src; object-src; +9 more

frame-src 'self' blob: https://media.superhumanapp.com https://media.superhuman.com superhuman: https://headway-widget.net https://frames-commandbar-prod.commandbar.com https://frames-editor-prod.commandbar.com https://api.commandbar.com https://forms.hsforms.com https://forms-na2.hsforms.com; manifest-src 'none'; object-src blob: https://media.superhumanapp.com https://media.superhuman.com; style-src 'self' data: 'unsafe-inline' https://cdn.commandbar.com https://media.superhumanapp.com https://media.superhuman.com https://assets.mail.superhuman.com https://*.amplitude.com; frame-ancestors 'none'; default-src 'none'; connect-src blob: https://assets.mail.superhuman.com https://media.superhumanapp.com https://media.superhuman.com https://mail.superhuman.com chrome-extension://dcgcnpooblobhncpnddnhoendgbnglpn chrome-extension://eobaknjeikpchflggmklgggcodjgbagl superhuman-app://production https://accounts.superhuman.com https://www.google.com/m8/feeds/ https://people.googleapis.com/ https://places.googleapis.com/ https://gmail.googleapis.com/ https://content.googleapis.com https://www.googleapis.com/plus/ https://storage.googleapis.com/inbox-zero/2880x/ https://storage.googleapis.com/powerup-assets/ https://storage.googleapis.com/chrome-extension.superhuman.com/ https://greenhouse-powerup.herokuapp.com https://notify.bugsnag.com https://sessions.bugsnag.com https://graph.microsoft.com https://login.microsoftonline.com https://app.launchdarkly.com https://events.launchdarkly.com/ https://clientstream.launchdarkly.com https://api.commandbar.com https://t.commandbar.com https://edge.fullstory.com https://rs.fullstory.com https://r.lrkt-in.com https://forms.hsforms.com https://forms-na2.hsforms.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.amplitude.com; font-src 'self' data: blob: https://media.superhumanapp.com https://media.superhuman.com https://assets.mail.superhuman.com; img-src 'self' data: blob: https://media.superhumanapp.com https://media.superhuman.com https://assets.mail.superhuman.com https://docs.google.com https://drive.google.com https://*.googleusercontent.com https://storage.googleapis.com/inbox-zero/2880x/ https://storage.googleapis.com/powerup-assets/ https://notify.bugsnag.com https://sessions.bugsnag.com https://cdn.commandbar.com https://files.commandbar.com https://forms.hsforms.com https://forms-na2.hsforms.com https://*.amplitude.com; media-src 'self' data: blob: https://media.superhumanapp.com https://media.superhuman.com https://assets.mail.superhuman.com https://storage.googleapis.com/inbox-zero/ https://storage.googleapis.com/email-assets.superhuman.com/ https://*.amplitude.com; script-src 'self' https://assets.mail.superhuman.com 'sha256-KZNf0Dw+P2+V7eMf/C62X/JFPdtVY2HsIwirp2JD1Es=' 'sha256-CKIAuKpRNZ4koXzMVEbikDsE3y9VNCyooraCCCUWC6A=' https://api.commandbar.com https://frames-commandbar-prod.commandbar.com https://cdn.commandbar.com https://edge.fullstory.com https://cdn.lrkt-in.com https://js.hsforms.net https://*.amplitude.com; worker-src 'self' data: blob: https://mail.superhuman.com https://assets.mail.superhuman.com;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

letsencrypt.org pki.goog

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
• Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

1 domain

mail.superhuman.com