SSL Certificate Analysis for rectanglehealth.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=rectanglehealth.com

Issuer

C=US, O=Let's Encrypt, CN=E8

Valid From

January 06, 2026

Valid Until

April 06, 2026 77 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

E5:CA:99:0A:B7:93:86:5E:2B:FF:24:0D:A3:43:A8:0E:0E:DB:30:5B:60:7C:CB:3A:EF:9C:71:13:68:6E:39:F5

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

script-src; img-src; object-src; +1 more

script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://js.navattic.com/ https://capture.navattic.com/ https://js.hs-scripts.com/ https://bat.bing.com/ https://connect.facebook.net/ https://t.visitorqueue.com/ https://js.driftt.com/ https://tracking.g2crowd.com/ https://www.clarity.ms/ https://i.clarity.ms/ https://snap.licdn.com/ https://tag.pearldiver.io/ https://googleads.g.doubleclick.net/ https://js.hs-analytics.net/ https://js.hubspot.com/ https://track.hubspot.com/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://js.hsadspixel.net/ https://js.zi-scripts.com/ https://ws-assets.zoominfo.com/ https://a.usbrowserspeed.com/ https://tags.clickagy.com/ https://js.adsrvr.org/ https://i.liadm.com/ https://js.hsforms.net/ https://*.fs1.hubspotusercontent-na1.net/ https://20898597.fs1.hubspotusercontent-na1.net/ https://js.chilipiper.com/ https://www.clickcease.com/ https://boards.greenhouse.io/ https://www.tfaforms.com/ https://www.google.com/ https://c.clarity.ms/ https://assets.adobedtm.com/ https://twin-iq.kickfire.com/ https://demo.rectanglehealth.com/ https://stackadapt.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://ap.srv.stackadapt.com/ https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/ https://www.gstatic.com https://scripts.clarity.ms https://nitroscripts.com/ https://*.visitorqueue.com/ https://*.personizely.net https://www.rectanglehealth.com/; img-src 'self' data: blob: https://t.visitorqueue.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://perf-na1.hsforms.com/ https://www.google.com/ https://bat.bing.com/ https://track.hubspot.com/ https://aorta.clickagy.com/ https://us-u.openx.net/ https://i.liadm.com/ https://idsync.rlcdn.com/ https://dpm.demdex.net/ https://pixel-sync.sitescout.com/ https://forms-na1.hsforms.com/ https://www.googletagmanager.com/ https://images.g2crowd.com/ https://googleads.g.doubleclick.net/ https://aa.agkn.com/ https://www.linkedin.com/ https://c.clarity.ms/ https://c.bing.com/ https://d.agkn.com/ https://cm.g.doubleclick.net/ https://assets.adobedtm.com/ https://twin-iq.kickfire.com/ https://tags.srv.stackadapt.com https://*.ads.linkedin.com/ https://*.visitorqueue.com/ https://*.personizely.net https://www.rectanglehealth.com/; object-src 'self' data: blob: https://demo.rectanglehealth.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://js.driftt.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://i.liadm.com/ https://s.pointerpro.com/ https://job-boards.greenhouse.io/ https://www.tfaforms.com/ https://*.personizely.net https://pcihipaa.com/ https://rectanglehealth.chilipiper.com/ https://forms.hsforms.com/ https://c.clarity.ms/ https://*.youtube.com/ https://youtube.com/ https://assets.adobedtm.com https://*.fls.doubleclick.net/ https://track.hubspot.com/ https://capture.navattic.com/ https://tags.srv.stackadapt.com https://www.google.com; frame-src 'self' data: blob: https://demo.rectanglehealth.com/ https://www.googletagmanager.com/ https://td.doubleclick.net/ https://js.driftt.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://i.liadm.com/ https://s.pointerpro.com/ https://job-boards.greenhouse.io/ https://www.tfaforms.com/ https://*.personizely.net https://pcihipaa.com/ https://rectanglehealth.chilipiper.com/ https://forms.hsforms.com/ https://c.clarity.ms/ https://*.youtube.com/ https://youtube.com/ https://assets.adobedtm.com https://*.fls.doubleclick.net/ https://track.hubspot.com/ https://capture.navattic.com/ https://tags.srv.stackadapt.com https://www.google.com

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

rectanglehealth.com