SSL Certificate Analysis for pact.ly - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=pactsafe.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M02

Valid From

August 30, 2025

Valid Until

September 28, 2026 260 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

98:7F:A2:06:51:E7:E0:7C:CA:8D:CD:9B:93:18:7C:48:4C:B3:01:0E:14:07:EF:3F:51:2E:70:A6:44:98:B4:AD

Alternative Names

6 domains

Security Configuration

TLS Protocols

TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; img-src; +5 more

default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: blob: data: 127.0.0.1 ironcladapp.com *.ironcladapp.com sync-transcend-cdn.com *.transcend-cdn.com *.sync-transcend-cdn.com transcend-cdn.com *.liadm.com *.usbrowserspeed.com *.ip-api.com *.getwarmly.com knotch.com *.knotch.com knotch-cdn.com *.knotch-cdn.com pactsafe.io *.pactsafe.io prod.impartner.live *.impartner.live packages.prmcdn.io pixel-config.reddit.com *.redditstatic.com *.prmcdn.io ironclad.partner-experience.com *.yoast.com *.algolianet.com *.algolia.net *.spotify.com *.storylane.io *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.mutinyhq.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com googlesyndication.com page2.googlesyndication.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com *.knotch.it *.mindtickle.com *.cookielaw.org *.onetrust.com *.sayprimer.com *.ipapi.co ipapi.co js-de.sentry-cdn.com browser.sentry-cdn.com sentry-cdn.com *.sentry-cdn.com cdn.optimizely.com logx.optimizely.com tr.capterra.com a6371731711983616.cdn.optimizely.com app.optimizely.com api.zaius.com *.zaius.com d1igp3oop3iho5.cloudfront.net www.clarity.ms *.pdscrb.com www.clarity.ms *.pdscrb.com *.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: 127.0.0.1 *.ashbyhq.com https://tags.fullcontact.com *.remarketstats.com *.redditstatic.com *.liadm.com *.usbrowserspeed.com *.getwarmly.com *.amazonaws.com transcend-cdn.com www.knotch-cdn.com *.knotch-cdn.com yoast.com *.yoast.com prod.impartner.live *.impartner.live packages.prmcdn.io *.prmcdn.io *.spotify.com *.cloudfront.net *.pactsafe.io *.storylane.io *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com googlesyndication.com page2.googlesyndication.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com *.mindtickle.com *.cookielaw.org *.onetrust.com *.sayprimer.com *.ipapi.co ipapi.co js-de.sentry-cdn.com browser.sentry-cdn.com sentry-cdn.com *.sentry-cdn.com cdn.optimizely.com logx.optimizely.com tr.capterra.com a6371731711983616.cdn.optimizely.com app.optimizely.com api.zaius.com *.zaius.com d1igp3oop3iho5.cloudfront.net www.clarity.ms *.pdscrb.com www.clarity.ms *.pdscrb.com *.clarity.ms; img-src 'self' blob: data: wss: files.bugherd.com www.bugherd.com *.addevent.com https://www.bugherd.com *.spotify.com alb.reddit.com pixel-config.reddit.com *.akamaihd.net *.cloudfront.net *.pactsafe.io *.storylane.io *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com googlesyndication.com page2.googlesyndication.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com *.knotch.it *.mindtickle.com *.cookielaw.org *.onetrust.com cdn.optimizely.com logx.optimizely.com tr.capterra.com a6371731711983616.cdn.optimizely.com app.optimizely.com api.zaius.com *.zaius.com d1igp3oop3iho5.cloudfront.net www.clarity.ms *.pdscrb.com www.clarity.ms *.pdscrb.com *.clarity.ms; font-src 'self' wss: blob: data: *.transcend.io *.lottiefiles.com *.mutinycdn.com ipinfo.io *.ironcladhq.com *.wpengine.com *.wpenginepowered.com *.wistia.net *.wistia.com *.gstatic.com *.tryinteract.com fast.wistia.net *.mindtickle.com api.zaius.com *.zaius.com d1igp3oop3iho5.cloudfront.net www.clarity.ms *.pdscrb.com www.clarity.ms *.pdscrb.com *.clarity.ms; media-src 'self' blob: data: wss: *.transcend.io *.ironcladhq.com *.wpengine.com ipinfo.io *.wpenginepowered.com *.storylane.io *.mutinycdn.com *.litix.io *.tryinteract.com *.wistia.com fast.wistia.net *.mindtickle.com *.cookielaw.org *.onetrust.com api.zaius.com *.zaius.com d1igp3oop3iho5.cloudfront.net www.clarity.ms *.pdscrb.com www.clarity.ms *.pdscrb.com *.clarity.ms; frame-ancestors https://ironcladapp.wpenginepowered.com *.wistia.net *.ashbyhq.com *.wistia.com *.mindtickle.com *.cookielaw.org *.onetrust.com *.bugsnag.com *.ashbyhq.com www.clarity.ms *.pdscrb.com www.clarity.ms *.pdscrb.com *.clarity.ms; connect-src 'self' http://www.w3.org https://www.w3.org https://www.googletagmanager.com https://www.facebook.com https://bat.bing.com https://tracking-api.g2.com https://stats.g.doubleclick.net https://pagestates-tracking.crazyegg.com https://api.fullcontact.com https://assets-tracking.crazyegg.com https://idx.liadm.com https://www.redditstatic.com https://conversions-config.reddit.com https://528-qbh-821.mktoresp.com https://tracking.crazyegg.com https://rp.liadm.com https://script.crazyegg.com https://cdn.segment.com https://api.segment.io https://www.googleadservices.com https://pixel-config.reddit.com https://web-script.api.sayprimer.com https://www.google.com https://analytics.google.com https://ipinfo.io https://app.qualified.com wss://ws2.qualified.com https://px.ads.linkedin.com *.bugsnag.com *.ashbyhq.com *.cookielaw.org https://unpkg.com *.onetrust.com https://epsilon.6sense.com https://ipapi.co https://*.6sc.co https://j.6sc.co https://secure.adnxs.com *.mutinycdn.com *.mutinyhq.io *.google-analytics.com *.googlesyndication.com googlesyndication.com page2.googlesyndication.com *.googlesyndication.com js-de.sentry-cdn.com browser.sentry-cdn.com sentry-cdn.com *.sentry-cdn.com https://o196550.ingest.us.sentry.io *.ingest.us.sentry.io cdn.optimizely.com logx.optimizely.com tr.capterra.com a6371731711983616.cdn.optimizely.com app.optimizely.com api.zaius.com *.zaius.com d1igp3oop3iho5.cloudfront.net www.clarity.ms *.pdscrb.com www.clarity.ms *.pdscrb.com *.clarity.ms; frame-src 'self' blob: *.ashbyhq.com https://quiz.tryinteract.com https://explore.ironcladapp.com https://*.ironcladhq.com https://ironclad.storylane.io https://fast.wistia.net https://www.google.com https://analytics.google.com https://ipinfo.io https://app.qualified.com wss://ws2.qualified.com https://px.ads.linkedin.com https://www.googletagmanager.com https://i.liadm.com https://accounts.google.com https://googlesyndication.com https://page2.googlesyndication.com https://*.googlesyndication.com cdn.optimizely.com logx.optimizely.com a6371731711983616.cdn.optimizely.com app.optimizely.com api.zaius.com *.zaius.com d1igp3oop3iho5.cloudfront.net www.clarity.ms *.pdscrb.com www.clarity.ms *.pdscrb.com *.clarity.ms;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

6 domains

pact.ly *.pact.ly

Other domains in certificate

pactsafe.com *.pactsafe.com

pactsafe.io *.pactsafe.io