90/100
SECURITY SCORE
Certificate Information
Subject
CN=*.packetpower.com
Issuer
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Valid From
April 14, 2025
Valid Until
May 15, 2026
114 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
52:D3:46:76:FD:D8:D2:45:84:5E:DD:56:53:39:64:36:8E:32:69:F7:40:34:2E:27:EC:85:94:F1:3C:2C:4A:2B
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
form-action; default-src; script-src; +9 more
form-action *.abbvie.com *.anico.com *.believer.gg *.carevalue.com *.dominos.com *.franconnect.net *.healthmart.com *.hinousa.com *.kp.org *.mathworks.com *.okta-emea.com *.okta.com *.oktapreview.com *.onelogin.com *.salesforce.com *.texasfarmbureau.org *.ttisi.com *.txfb-ins.com *.zoomcare.com www.toshibacommerce.com 'self' idp.cressetcapital.com umshibp.olemiss.edu *.interceptpharma.com *.segra.com *.volvo.com www.swppbranding.com *.my.site.com printreleaf.com *.thempxgroup.com https://samltest.id sso.colpal.com *.d2l.org *.trimble.com *.microsoftonline.com *.primetherapeutics.com *.healthsouth.com *.sciquest.com *.fa.ocs.oraclecloud.com *.americannational.com *.coupahost.com *.verian.com https://identity.trimble.com *.gaf.com *.wax-uat.com *.wrberkley.com agent.seniorlifeinsurancecompany.com trojanbattery.my.salesforce.com https://*.appl.kp.org https://*.oraclecloud.com https://ariba.jmfamily.com https://*.ariba.com https://stage.id.trimblecloud.com ship.visualogistix.com *.punchout2go.com *.equallevel.com https://myaccess.aramark.com https://medigold.maranagroupmarketplace.com *.atrihub.com https://core.hinonet.net https://*.myworkday.com https://*.workday.com https://*.trinity-health.org https://*.trinity-health.org; default-src 'self' https://static.zdassets.com https://ekr.zdassets.com *.zendesk.com wss://*.zendesk.com; script-src * 'unsafe-eval' 'unsafe-inline' data: https://tally.so; frame-src 'self' https://downloads.mypropago.com https://download.mypropago.com mpx-ftp.com umshibp.olemiss.edu player.vimeo.com *.equallevel.com idp.cressetcapital.com portal.mypropago.com *.volvo.com *.usadata.com *.my.site.com sso.wbd.com *.marq.com account.thempxgroup.com www.cognitoforms.com app.lucidpress.com printreleaf.com *.printreleaf.com *.jotform.com *.drummond.com https://*.mypropago.com https://hyvee-mittera.paperform.co *.monday.com https://*.oraclecloud.com https://ariba.jmfamily.com https://*.ariba.com https://*.google.com https://*.spreedly.com 
https://*.youtube.com https://visualogistix.wufoo.com www.swppbranding.com https://forms.zohopublic.com https://*.visualogistix.com https://*.vimeo.com https://viegamedia.com https://app.gogrow.com/ https://*.smartsheet.com https://*.sciquest.com https://tally.so https://*.myworkday.com https://*.workday.com https://*.trinity-health.org mailto: https://*.trinity-health.org; frame-ancestors 'self' mpx-ftp.com *.interceptpharma.com *.segra.com player.vimeo.com umshibp.olemiss.edu *.equallevel.com idp.cressetcapital.com portal.mypropago.com *.volvo.com *.my.site.com sso.wbd.com *.usadata.com account.thempxgroup.com www.cognitoforms.com *.marq.com app.lucidpress.com printreleaf.com *.printreleaf.com *.jotform.com *.drummond.com https://*.oraclecloud.com https://ariba.jmfamily.com https://*.ariba.com https://viegamedia.com https://*.punchout2go.com https://*.smartsheet.com ship.visualogistix.com *.transaxions.co.uk https://*.sciquest.com https://us.marketingbydeluxe.com *.monday.com https://*.myworkday.com https://*.workday.com https://*.trinity-health.org https://alkermes-veeva.my.salesforce.com https://alkermes-veeva--c.sandbox.vf.force.com https://*.trinity-health.org https://*.b2clogin.com; style-src * 'unsafe-inline'; media-src * data:; connect-src 'self' ws: *.acsbapp.com https://translate-pa.googleapis.com https://www.google.com *.google-analytics.com mpx-ftp.com umshibp.olemiss.edu player.vimeo.com *.equallevel.com sso.wbd.com *.my.site.com account.thempxgroup.com www.cognitoforms.com printreleaf.com *.printreleaf.com stats.g.doubleclick.net *.monday.com ekr.zdassets.com *.zendesk.com *.zopim.io *.zopim.com https://bam.nr-data.net http://jigsaw.w3.org/css-validator/ wss: *.facebook.com *.google.com www.waterouspromo.com https://kendo.cdn.telerik.com https://unpkg.com https://cdn.jsdelivr.net; object-src * data:; img-src * data: blob:; font-src 'self' *.accessibly.app https://fonts.gstatic.com *.unpkg.com https://unpkg.com https://kendo.cdn.telerik.com 
*.bootstrapcdn.com data: *.zopim.io *.zopim.com cdn.jsdelivr.net cdnjs.cloudflare.com; report-uri https://portal.mypropago.com/Security/CspViolations;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Present
microphone()
Recommendations
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding an 'iodef' record to receive security incident reports