SSL Certificate Analysis for my.dev.firstdollar.com - Security Grade & TLS Configuration

Open Cached · just now

91/100 SECURITY SCORE

Certificate Information

Subject

CN=dev.firstdollar.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

January 09, 2026

Valid Until

April 09, 2026 86 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

EB:6A:D1:B8:3E:C7:B4:66:A6:91:AA:1D:66:8F:B0:A2:CC:D1:64:1D:74:39:F3:CA:B9:64:73:3C:A1:C8:2A:DD

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Good

default-src; base-uri; block-all-mixed-content; +12 more

default-src 'self' cdn.plaid.com; base-uri 'none'; block-all-mixed-content; connect-src 'self' https://consumer.api.dev.firstdollar.com https://first-dollar-app-dev.appspot.com sandbox.plaid.com https://widgets-sandbox.marqeta.com https://api.stripe.com https://api.iterable.com www.google.com *.googleapis.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://primary-realtime.intercom-messenger.com uploads.intercomcdn.com sentry.io *.sentry.io https://api.iterable.com; frame-ancestors 'self' https://widgets.dev.firstdollar.com https://widgets.stg.firstdollar.com https://widgets.firstdollar.com https://developer.firstdollar.com https://first-dollar-developer.web.app https://first-dollar-developer-dev.web.app https://participant.ddevserv10.dev.benefitresource.com https://participant.ddevserv01.dev.benefitresource.com https://participant.ddevserv14.dev.benefitresource.com https://participant.ddevserv15.dev.benefitresource.com https://participant.dbriweb01.dev.benefitresource.com http://participant.localhost https://*.dev.financialhealthwallet.com https://*.financialhealthwallet.com https://*.zizzlhealth.com https://*.zizzlhealthdemo.com https://*.zizzlhealthdev.com http://localhost:* http://*.localhost:*; form-action 'self' consumer.api.dev.firstdollar.com intercom.help *.intercom.io *.statuspage.io; child-src 'self'; frame-src 'self' blob: https://verify.stripe.com https://js.stripe.com https://hooks.stripe.com https://widgets.marqeta.com https://widgets-sandbox.marqeta.com https://intercom-sheets.com intercom-sheets.com https://www.google.com cdn.plaid.com firebasestorage.googleapis.com https://first-dollar-app-dev.storage.googleapis.com https://first-dollar-app.storage.googleapis.com; img-src 'self' blob: https://www.google.com assets-global.website-files.com https://uat-drivewealth.imgix.net syscdn.drivewealth.net d3an3cesqmrf1x.cloudfront.net https://drivewealth.imgix.net data: *.intercom.io static.intercomassets.com *.intercomcdn.com first-dollar.intercom-attachments-5.com first-dollar.intercom-attachments-1.com firebasestorage.googleapis.com https://first-dollar-app-dev.storage.googleapis.com https://first-dollar-app.storage.googleapis.com; media-src 'self' js.intercomcdn.com; object-src 'self' blob: https://firebasestorage.googleapis.com https://first-dollar-app-dev.storage.googleapis.com https://first-dollar-app.storage.googleapis.com; script-src 'self' 'sha256-LS6mawHTGJzVAO6diFEPo1LfVR/ARli3Fg9ydRed7Yg=' 'sha256-aIrIqSQxotoOXF25OIjYIjPot6K/xGLNdyewnUoIXfI=' 'sha256-XNORTO2kINoWE2ij0/rG/Eig0roe1GyRyrAqsqcQApk=' 'sha256-VnKBsWlW5LYtvchHVwZtSkI5E9jcNUUn3skoMCfOZzI=' 'sha256-ZdDTEfl8xrGn7iZ/2mMDizDIe6JRmep2vz9STHJi4Zs=' 'sha256-AdrKFRwbXYnt+NArcWuOA3p5Uu+OM2x5iXbnbok+VTg=' 'sha256-Uz0yn00PqpvyPuK+MptaAirzRCPwuCU4Vhj/iAbfJxk=' 'sha256-2LjWgFlionHbs9uurvaAwYDJQpT4QuchPDHFnoeeG0g=' 'sha256-HPWqnjtxlF7Jrts3buMC+bSE+BWrE9QZGTXQsnFsXlI=' 'sha256-9UUoc2F0aeQNM/1w/0MyfzK9ocjaPer/cAGZMUw1YHs=' 'sha256-WFHcs3IC9BsLZet1ga3z73q48mpf33c9Sjjia1N3jkE=' https://js.stripe.com https://widgets.marqeta.com https://widgets-sandbox.marqeta.com https://www.google.com https://www.gstatic.com apis.google.com cdn.plaid.com 'sha256-DV/iinpNag4xVnPS7WJb4QjhUpGuaoz3oxPEBKUbyl0=' widget.intercom.io js.intercomcdn.com; style-src 'self' 'unsafe-inline' fonts.intercomcdn.com; font-src 'self' js.intercomcdn.com fonts.intercomcdn.com; report-uri https://o338933.ingest.sentry.io/api/5185078/security/?sentry_key=2e56ee6fabfa4e4bbc843185673016b1&sentry_environment=development;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

dev.firstdollar.com *.dev.firstdollar.com