SSL Certificate Analysis for platform.qa.com - Security Grade & TLS Configuration

Open Cached · just now

92/100 SECURITY SCORE

Certificate Information

Subject

CN=platform.qa.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M03

Valid From

May 14, 2025

Valid Until

June 12, 2026 139 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

C7:87:5D:47:9F:41:53:FB:1C:BF:84:A5:02:DD:E4:53:7E:5C:E6:B6:97:8F:AE:77:35:04:A4:EB:0A:3E:16:94

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

frame-ancestors; object-src; worker-src; +2 more

frame-ancestors 'self' *.cloudacademy.com *.app.qa.com *.platform.qa.com https://cloudacademycom.zendesk.com teams.microsoft.com *.teams.microsoft.com *.skype.com https://www.recaptcha.net; object-src 'none'; worker-src 'self' blob:; font-src 'self' data: https://fonts.gstatic.com; script-src 'unsafe-eval' 'unsafe-inline' cloudacademy.com app.qa.com platform.qa.com *.cloudacademy.com *.app.qa.com *.platform.qa.com https://www.googletagmanager.com https://js.usemessages.com https://js.hs-banner.com https://connect.facebook.net https://snap.licdn.com https://www.redditstatic.com https://www.google-analytics.com https://js-na1.hs-scripts.com https://www.googleadservices.com j.6sc.co analytics.churnzero.net *.pendo.io cdn.mxpnl.com bat.bing.com js.hs-analytics.net https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://tracking.g2crowd.com https://apis.google.com https://www.gstatic.com https://www.gstatic.cn gstatic.cn *.gstatic.cn https://www.recaptcha.net appleid.cdn-apple.com https://static.filestackapi.com cdn.usersnap.com api.usersnap.com https://api.ipify.org https://static.zdassets.com https://js.recurly.com https://js.stripe.com https://www.youtube.com https://cloudacademy.disqus.com https://cdnjs.cloudflare.com https://app.hubspot.com cdn.polyfill.io static.zdassets.com https://cloudacademycom.zendesk.com p20.zdassets.com cdn.jsdelivr.net tags.srv.stackadapt.com load.sumo.com ssl.geoplugin.net js.hsforms.net js.hs-scripts.com forms.hsforms.com ajax.googleapis.com *.iubenda.com *.usersnap.com *.appcues.com optimize.google.com *.statuspage.io https://code.jquery.com *.googleapis.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/qi8Gs8qtNKqRobeK/delighted.js https://www.google.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.clarity.ms https://www.googleoptimize.com *.sleeknote.com https://js.storylane.io *.quantserve.com https://*.daily.co https://unpkg.com/@daily-co/daily-js *.clickcease.com https://*.hockeystack.com https://rules.quantcount.com https://*.qualtrics.com blob:

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

strict-origin, strict-origin-when-cross-origin

Permissions-Policy

Present

camera=*, microphone=*

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

letsencrypt.org amazon.com amazontrust.com

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
• Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

2 domains

platform.qa.com *.platform.qa.com