SSL Certificate Analysis for n2y.com - Security Grade & TLS Configuration

Open Cached · just now

83/100 SECURITY SCORE

Certificate Information

Subject

CN=n2y.com

Issuer

C=US, O=DigiCert, Inc., CN=GeoTrust Global TLS RSA4096 SHA256 2022 CA1

Valid From

November 12, 2025

Valid Until

April 14, 2026 71 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

09:62:B1:47:23:E4:D6:E9:E2:05:CF:B2:0B:6F:E6:34:35:BF:A9:11:BB:2B:35:94:2E:74:CC:6E:D7:22:86:B8

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15552000

Content-Security-Policy

Basic

default-src; script-src; style-src; +9 more

default-src 'self'; script-src 'unsafe-eval' 'self' https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.cdn.prismic.io https://prismic.io https://texthelp.tfaforms.net https://www.google.com https://www.gstatic.com https://s.saleswingsapp.com https://static.hotjar.com https://script.hotjar.com https://plus.browsealoud.com https://www.browsealoud.com https://*.speechstream.net https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://wikisum.texthelp.com https://mautic.texthelp.com https://mautic-staging.texthelp.com https://embed.typeform.com/next/embed.js https://connect.facebook.net https://snap.licdn.com https://www.youtube.com https://*.amplitude.com https://a.omappapi.com/ https://player.cloudinary.com https://cloudinary.com https://online4.superoffice.com https://cdn.jsdelivr.net/npm/@rive-app/[email protected]/rive.js 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.browsealoud.com https://plus.browsealoud.com https://texthelp.tfaforms.net https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://mautic.texthelp.com/media/css/ https://mautic-staging.texthelp.com/media/css/ https://embed.typeform.com/next/css/widget.css https://*.amplitude.com https://a.omappapi.com/ https://player.cloudinary.com; connect-src 'self' blob: https://plus.browsealoud.com https://www.browsealoud.com https://en.wikipedia.org https://wikisum.texthelp.com https://wiki-summarizer-eu.texthelp.com https://simplify-us.texthelp.com https://browsealoud-webservices-8.texthelp.com https://browsealoud-webservices-eu.texthelp.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://everway.cdn.prismic.io https://analytics.formassembly.com https://texthelp.tfaforms.net/api_v2/sst/wf-quick-publish https://typeahead.formassembly.com https://consentcdn.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://to.go.saleswingsapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.typeform.com/single-embed/ https://px.ads.linkedin.com https://*.amplitude.com https://unpkg.com https://cdn.jsdelivr.net https://api.omappapi.com/ https://a.omappapi.com https://z.omappapi.com https://player.cloudinary.com https://res.cloudinary.com https://cloudinary.com; child-src 'self' https://content.googleapis.com https://www.googletagmanager.com/ns.html; media-src 'self' blob: https://*.speechstream.net https://*.amplitude.com https://res.cloudinary.com https://player.cloudinary.com; font-src 'self' https://fonts.gstatic.com data: https://script.hotjar.com https://a.omappapi.com/ https://api.omappapi.com/; img-src 'self' data: blob: https://webworx.texthelp.com https://browsealoud-webservices-8.texthelp.com https://browsealoud-webservices-eu.texthelp.com https://www.browsealoud.com https://plus.browsealoud.com https://upload.wikimedia.org https://www.google-analytics.com https://stats.g.doubleclick.net https://everway.cdn.prismic.io https://images.prismic.io https://imgsct.cookiebot.com https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.co.uk https://www.google.ca https://www.google.dk https://www.google.com.au https://www.google.co.in https://www.google.ie https://www.google.co.nz https://www.google.nl https://www.google.it https://www.google.se https://www.google.es https://www.google.com.ph https://www.google.com.mx https://www.google.de https://www.google.com.pk https://www.google.co.id https://www.google.ae https://www.google.fr https://www.google.co.za https://www.google.com.br https://www.google.co.jp https://www.google.com.sg https://www.google.fi https://www.google.co.il https://www.google.ee https://www.google.no https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://px.ads.linkedin.com https://www.facebook.com https://*.amplitude.com https://a.omappapi.com/ https://api.omappapi.com/ https://res.cloudinary.com; object-src 'none'; frame-src 'self' https://content.googleapis.com/ https://everway.prismic.io https://www.youtube.com https://www.google.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://td.doubleclick.net https://mautic.texthelp.com https://mautic-staging.texthelp.com https://form.typeform.com/ https://registration.events.ringcentral.com/ https://player.cloudinary.com https://online4.superoffice.com/; form-action 'self' https://texthelp.tfaforms.net https://mautic.texthelp.com https://mautic-staging.texthelp.com https://event.on24.com https://www.n2y.com/ https://www.texthelp.com; base-uri 'none'

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

n2y.com