SSL Certificate Analysis for paipdev.se.com - Security Grade & TLS Configuration

Open Cached · just now

88/100 SECURITY SCORE

Certificate Information

Subject

C=FR, ST=Île-de-France, L=Rueil-Malmaison, O=Schneider Electric Industries SAS, CN=www.schneider-electric.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1

Valid From

January 19, 2026

Valid Until

October 06, 2026 259 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

C4:72:8E:DF:B6:93:55:EA:21:BE:C3:7C:62:61:2E:02:AD:0F:4B:1F:E7:76:EF:18:A3:B5:B4:4B:02:99:18:A3

Alternative Names

92 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

default-src; script-src; style-src; +9 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mfe-cdn.thoughtspotdev.cloud https://mfe-cdn.thoughtspotstaging.cloud https://mfe-cdn.thoughtspot.cloud https://docs.thoughtspot.com https://cdn.mxpnl.com https://api.segment.io https://pendo-io-static.storage.googleapis.com https://d3sbxpiag177w8.cloudfront.net https://cdn.skypack.dev cdn.jsdelivr.net https://edge.fullstory.com https://rs.fullstory.com https://assets.trybento.co https://app.cord.com https://embeddable-sandbox.cdn.apollographql.com; style-src 'self' 'unsafe-inline' blob: https://mfe-cdn.thoughtspotdev.cloud https://mfe-cdn.thoughtspotstaging.cloud https://mfe-cdn.thoughtspot.cloud https://button.glitch.me https://app.pendo.io https://pendo-static-5110210082111488.storage.googleapis.com https://d3sbxpiag177w8.cloudfront.net https://fonts.googleapis.com cdn.jsdelivr.net https://app.cord.com; img-src 'self' data: https://asset.brandfetch.io https://docs.thoughtspot.com https://embedwistia-a.akamaihd.net https://glitch.com https://cdn.glitch.com https://avatars0.githubusercontent.com https://pendo-static-5110210082111488.storage.googleapis.com https://www.thoughtspot.com/ https://rs.fullstory.com https://api.mapbox.com https://apollo-server-landing-page.cdn.apollographql.com https://app.cord.com https://cdn.cord.com https://s3.eu-west-2.amazonaws.com cdn.jsdelivr.net blob: data: https://assets.trybento.co https://uploads.trybento.co data:; connect-src 'self' https://docs.thoughtspot.com https://mfe-cdn.thoughtspotdev.cloud https://mfe-cdn.thoughtspotstaging.cloud https://mfe-cdn.thoughtspot.cloud https://mp.proxy.thoughtspot.cloud https://cdn.mxpnl.com https://api.segment.io wss://nexus-websocket-a.intercom.io/ https://cdn.pendo.io https://api-js.mixpanel.com https://d3sbxpiag177w8.cloudfront.net https://api.mixpanel.com https://blink-releasemanager.thoughtspot.com https://edge.fullstory.com https://thoughtspot.cloud https://api.ipify.org https://embedwistia-a.akamaihd.net https://api.glitch.com https://unpkg.com https://rs.fullstory.com https://*.mapbox.com https://udon.trybento.co wss://udon.trybento.co https://uploads.trybento.co https://assets.trybento.co https://app.cord.com https://api.cord.com wss://api.cord.com https://o951476.ingest.sentry.io https://s3.eu-west-2.amazonaws.com https://identity.dataplane-public.thoughtspot.cloud; frame-ancestors 'self' https://stackblitz.com https://*.stackblitz.com https://*.stackblitz.io https://docs.thoughtspot.com https://plugin-party-sheets.vercel.app https://plugin-party-slides.vercel.app https://plugin-party-vercel.vercel.app https://thoughtspot-integration.vercel.app https://*.thoughtspot.com https://*.googleusercontent.com https://*.google.com; child-src 'self' blob: https://docs.thoughtspot.com; frame-src 'self' blob: https://docs.thoughtspot.com https://thoughtspot.github.io https://checkout.thoughtspot.com https://www.thoughtspot.com https://d3sbxpiag177w8.cloudfront.net https://stackblitz.com https://ts-blink.github.io https://visual-embed-sdk-dev.vercel.app https://visual-embed-sdk.vercel.app https://rest-api-sdk-v2-0.vercel.app https://rest-api-sdk-v2-0-dev.vercel.app https://visual-embed-sdk-8-8.vercel.app https://visual-embed-sdk-9-0.vercel.app https://everboarding.trybento.co https://www.youtube.com https://www.loom.com https://play.vidyard.com https://sandbox.embed.apollographql.com https://checkout-git-dev-thoughtspot-site.vercel.app https://*.readme.io *.pdom.thoughtspot.com; font-src 'self' https://mfe-cdn.thoughtspotdev.cloud https://mfe-cdn.thoughtspotstaging.cloud https://mfe-cdn.thoughtspot.cloud https://fonts.gstatic.com https://d3sbxpiag177w8.cloudfront.net data: https://fonts.gstatic.com cdn.jsdelivr.net https://assets.trybento.co https://uploads.trybento.co; media-src 'self' https://embedwistia-a.akamaihd.net https://assets.trybento.co https://uploads.trybento.co blob: data:; worker-src 'self' blob:; report-uri https://report-uri.vercel.app/api/report;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

Strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports