SSL Certificate Analysis for quantexa.com - Security Grade & TLS Configuration

Open Cached · just now

93/100 SECURITY SCORE

Certificate Information

Subject

CN=www.quantexa.com

Issuer

C=US, O=Let's Encrypt, CN=E7

Valid From

November 16, 2025

Valid Until

February 14, 2026 63 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

C7:92:D3:8F:48:0E:A8:88:EA:EF:5D:18:CB:3E:A3:A1:2A:AF:22:F1:94:88:89:30:E8:DC:A2:F5:EE:01:F8:2D

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; script-src; img-src; +4 more

default-src 'self' *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com fonts.cdnfonts.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.bing.net *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com js.navattic.com s3-us-west-2.amazonaws.com pro.ip-api.com *.outbrain.com *.redditstatic.com *.reddit.com *.taboola.com *.mux.com inferred.litix.io *.jsdelivr.net *.unpkg.com *.cloudflare.com *.clarity.ms *.ahrefs.com static.xingcdn.com www.xing.com *.adsrvr.org static.hsappstatic.net p.mdb.tools a.usbrowserspeed.com *.ingest.us.sentry.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com fonts.cdnfonts.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.bing.net *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com js.navattic.com s3-us-west-2.amazonaws.com pro.ip-api.com *.outbrain.com *.redditstatic.com *.reddit.com *.taboola.com *.mux.com inferred.litix.io *.jsdelivr.net *.unpkg.com *.cloudflare.com *.clarity.ms *.ahrefs.com static.xingcdn.com www.xing.com *.adsrvr.org static.hsappstatic.net p.mdb.tools a.usbrowserspeed.com *.ingest.us.sentry.io; img-src data: * blob:; font-src 'self' data: fonts.cdnfonts.com; media-src 'self' blob: *.storyblok.com *.mux.com; style-src 'self' 'unsafe-inline' *.quantexa.local *.quantexa.com *.quantexa.dev *.netlify.app *.netlify.com *.storyblok.com fonts.cdnfonts.com *.matomo.cloud *.google.com *.hsforms.net *.bing.com *.bing.net *.zoominfo.com *.influ2.com *.oktopost.com *.gstatic.com *.hs-analytics.net *.licdn.com okt.to *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.hubspot.com *.hubapi.com *.googletagmanager.com *.doubleclick.net *.hsforms.com *.youtube.com *.blockmarktech.com *.oribi.io *.zscaler.net ingesteer.services-prod.nsvcs.net s3.amazonaws.com js.zi-scripts.com *.visualwebsiteoptimizer.com app.vwo.com www.googleadservices.com pagead2.googlesyndication.com google.com *.google-analytics.com *.clickcease.com *.linkedin.com dta8euw1l8gvs.cloudfront.net *.cookiebot.com *.googleapis.com sc.lfeeder.com opps-widget.getwarmly.com opps-api.getwarmly.com capture.navattic.com js.navattic.com s3-us-west-2.amazonaws.com pro.ip-api.com *.outbrain.com *.redditstatic.com *.reddit.com *.taboola.com *.mux.com inferred.litix.io *.jsdelivr.net *.unpkg.com *.cloudflare.com *.clarity.ms *.ahrefs.com static.xingcdn.com www.xing.com *.adsrvr.org static.hsappstatic.net p.mdb.tools a.usbrowserspeed.com *.ingest.us.sentry.io; frame-ancestors 'self' https://app.storyblok.com/ https://app.markup.io/;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

Same-origin

Permissions-Policy

Present

browsing-topics=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

quantexa.com www.quantexa.com