SSL Certificate Analysis for phenom.com - Security Grade & TLS Configuration

Open Cached · just now

81/100 SECURITY SCORE

Certificate Information

Subject

CN=phenom.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M03

Valid From

September 04, 2025

Valid Until

October 02, 2026 263 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E6:6C:23:CB:1C:D1:53:9E:84:C9:21:7A:DD:A7:BD:9C:37:87:45:8C:10:4C:B8:9D:38:3F:31:33:D9:81:CB:DF

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

frame-ancestors; default-src; script-src; +3 more

frame-ancestors 'self';default-src 'self' blob: 'unsafe-inline' *.mutinycdn.com data.hockeystack.com *.mutinyhq.io tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com wss://ws.qualified.com perf-na1.hsforms.com app.qualified.com td.doubleclick.net pagead2.googlesyndication.com ws.qualified.com d3cy9zhslanhfa.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com youtube.com cdn.linkedin.oribi.io rs.fullstory.com forms-na1.hsforms.com cdn.contentful.com phenompeople.na.chilipiper.com js.chilipiper.com api.na.chilipiper.com api.chilipiper.com tracking.chilipiper.com ipv6.6sc.co cdn.cookielaw.org images.ctfassets.net assets.ctfassets.net videos.ctfassets.net app.clearbit.com api.hubapi.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com *.clearbitscripts.com *.litix.io alb.reddit.com *.clarity.ms secure.adnxs.com *.g2.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com *.google.com *.google.co.in stats.g.doubleclick.net p.adsymptotic.com privacy-policy.truste.com *.linkedin.com api.sharedcount.com n2.mouseflow.com c.6sc.co epsilon.6sense.com www.facebook.com *.hubspot.com fonts.gstatic.com *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com cdn.cookielaw.org optanon.blob.core.windows.net c.bing.com geolocation.onetrust.com youtu.be abm2.listenloop.com notify.bugsnag.com pt37ad6f6a.execute-api.us-east-1.amazonaws.com data slideshare.net:;script-src 'self' 'unsafe-inline' 'unsafe-eval' home.integrate.com *.mutinycdn.com data.hockeystack.com *.mutinyhq.io tracking.g2crowd.com pixel-config.reddit.com www.redditstatic.com conversions-config.reddit.com code.jquery.com ajax.googleapis.com images.ctfassets.net www.googleadservices.com videos.ctfassets.net *.phenom.com c.bing.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net *.clarity.ms j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com fast.wistia.net www.g2.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com www.redditstatic.com js.usemessages.com alb.reddit.com cdn.cookielaw.org static.ads-twitter.com *.clearbitscripts.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com js.chilipiper.com js.usemessages.com js.hsadspixel.net js.na.chilipiper.com snap.licdn.com www.google.com images.ctfassets.net videos.ctfassets.net js.driftt.com googleads.g.doubleclick.net stats.g.doubleclick.neti edge.fullstory.com secure.adnxs.com cb3034c4ce68477bb69489e3e49e4588.js.ubembed.com assets.ubembed.com js.zi-scripts.com ws-assets.zoominfo.com js.qualified.com js.hubspot.com v2.listenloop.com launcher.1mind.com static.oktopost.com js.storylane.io cdn.storylane.ioddwl4m2hdecbv.cloudfront.net ; connect-src 'self' data: https: http: wss://ws.qualified.com; frame-src 'self' data: https: http:; img-src 'self' data: https: http:;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

phenom.com *.phenom.com