SSL Certificate Analysis for my.goabode.com - Security Grade & TLS Configuration

Open Cached · just now

83/100 SECURITY SCORE

Certificate Information

Subject

CN=*.goabode.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M04

Valid From

November 25, 2025

Valid Until

December 23, 2026 329 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D0:1A:30:71:BA:E0:00:00:9E:23:CF:54:8E:1A:2F:22:2E:01:74:7F:2A:A9:0F:45:9F:12:22:01:EF:B6:A7:4C

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; includeSubdomains

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; script-src; +10 more

upgrade-insecure-requests; default-src 'self'; script-src 'self' https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/1.13.1/TweenMax.min.js https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/2.4.2/rollbar.min.js https://js.stripe.com/v3 https://js.stripe.com/v3/fingerprinted/js/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/js/GeocodeService.Search https://maps.googleapis.com/maps/api/place/js/AutocompletionService.GetPredictions https://maps.googleapis.com/maps/api/place/js/AutocompletionService.GetPredictionsJson https://maps.googleapis.com/maps/api/place/js/PlaceService.GetPlaceDetails https://maps.googleapis.com/maps-api-v3/api/js/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; img-src 'self' https://s3.amazonaws.com/zigron.goabode.com/ https://s3.amazonaws.com/my.goabode.com/ https://s3.us-west-2.amazonaws.com/zigron.goabode.com.us-west-2/ https://s3.us-west-2.amazonaws.com/my.goabode.com.us-west-2/ https://s3.us-east-1.amazonaws.com/zigron.goabode.com/ https://s3.us-east-1.amazonaws.com/my.goabode.com/ https://s3.us-east-2.amazonaws.com/zigron.goabode.com.us-east-2/ https://s3.us-east-2.amazonaws.com/my.goabode.com.us-east-2/ https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://lh3.googleusercontent.com/ https://www.googletagmanager.com/a data:; media-src 'self' blob: data: https://s3.amazonaws.com/zigron.goabode.com/ https://s3.amazonaws.com/my.goabode.com/; connect-src 'self' https://www.google-analytics.com/g/collect https://*.kinesisvideo.us-east-2.amazonaws.com/dash/v1/ https://*.kinesisvideo.us-west-2.amazonaws.com/dash/v1/ https://maps.googleapis.com/maps_api_js_slo/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.googleapis.com/%24rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo wss:; frame-src 'self' https://js.stripe.com/; font-src 'self' data: https://fonts.gstatic.com/s/muli/ https://fonts.gstatic.com/s/nunitosans/ https://fonts.gstatic.com/s/googlesans/ https://fonts.gstatic.com/s/googlesanstext/ https://fonts.gstatic.com/s/roboto/ https://fonts.gstatic.com/l/; object-src 'none'; form-action 'self'; base-uri 'none'; frame-ancestors 'self';

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

*.goabode.com