92/100
SECURITY SCORE
Certificate Information
Subject
CN=maze.co
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M03
Valid From
July 19, 2025
Valid Until
August 17, 2026
253 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
03:87:E7:2B:4A:9B:56:E3:44:E0:1C:3A:2B:D1:4D:01:A3:69:8D:32:25:53:97:02:DB:CF:1D:4E:57:B8:2C:A1
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
default-src; script-src; style-src; +10 more
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://*.maze.co https://cdn-cookieyes.com https://cdn.amplitude.com https://cdn.segment.com https://www.google-analytics.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://*.clickagy.com https://*.cdnjs.network https://bat.bing.com https://static.ads-twitter.com https://snap.licdn.com https://*.twitter.com https://*.zoominfo.com https://js.zi-scripts.com https://extend.vimeocdn.com https://*.chilipiper.com https://mazedesign.widget.insent.ai https://*.cloudfront.net *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com *.hubspot.net static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hubspotfeedback.com feedback.hubapi.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.tidio.co https://widget-v4.tidiochat.com https://app.spara.co https://*.arcade.software https://*.apollo.io https://netlify-cdp-loader.netlify.app blob:; style-src 'self' 'unsafe-inline' https://*.maze.co https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com cdn2.hubspot.net; connect-src 'self' https://*.maze.co https://www.datocms-assets.com https://stream.mux.com https://image.mux.com https://inferred.litix.io https://static.hsappstatic.net https://*.mux.com https://*.cookieyes.com https://cdn-cookieyes.com https://js.zi-scripts.com https://ws.zoominfo.com https://api.schedule.zoominfo.com https://*.clickagy.com https://*.chilipiper.com https://api.amplitude.com https://cdn.segment.com https://api.segment.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.google.com 
https://*.facebook.com https://*.goldcast.io https://px.ads.linkedin.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hsappstatic.net sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https://cdn.simplecast.com https://*.outgrow.us https://app.spara.co https://*.arcade.software https://*.arcade.show https://*.apollo.io https://aplo-evnt.com https://api.country.is https://unpkg.com/@rive-app/[email protected]/rive.wasm https://cdn.jsdelivr.net/npm/@rive-app/[email protected]/rive_fallback.wasm wss:; font-src 'self' data: https://*.maze.co https://fonts.gstatic.com https://*.chilipiper.com https://www.youtube.com https://*.arcade.software; frame-src 'self' https://*.maze.co https://*.spotify.com https://player.simplecast.com https://www.youtube.com https://player.vimeo.com https://*.outgrow.us https://*.clickagy.com https://mazedesign.widget.insent.ai https://*.chilipiper.com https://www.facebook.com https://platform.twitter.com https://www.googletagmanager.com https://td.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.hubspot.com *.hubspot.net *.hs-sites.com play.hubspotvideo.com *.hsforms.net *.hsforms.com https://app.spara.co https://*.arcade.software https://*.apollo.io https://*.aplo-evnt.com https://app.netlify.com; img-src 'self' https://*.maze.co https://placehold.co https://www.datocms-assets.com https://image.mux.com https://cdn-cookieyes.com https://*.chilipiper.com https://*.rlcdn.com https://*.clickagy.com https://bat.bing.com https://*.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.twitter.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://pagead2.googlesyndication.com https://www.googleadservices.com https://ssl.gstatic.com https://www.gstatic.com https://*.googletagmanager.com https://t.co 
https://i.vimeocdn.com https://i.ytimg.com https://*.facebook.com cdnjs.cloudflare.com no-cache.hubspot.com js.hscta.net *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://app.spara.co https://spara-prod.s3.amazonaws.com https://*.arcade.software https://*.apollo.io blob: data:; media-src 'self' https://*.maze.co https://*.mux.com https://rvlstudio.s3.eu-west-3.amazonaws.com https://cdn.simplecast.com https://*.scdn.co https://*.arcade.software widget-v4.tidiochat.com blob:; frame-ancestors 'self' https://mazedesign.widget.insent.ai; object-src 'none'; base-uri 'self'; manifest-src 'self'; worker-src 'self' blob:;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Recommendations
- Consider using critical flag (flags=128) for stricter CAA enforcement
- Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- Consider adding 'issuewild' records to control wildcard certificate issuance