Open
Cached
·
just now
96/100
SECURITY SCORE
Certificate Information
Subject
CN=rfpio.com
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M03
Valid From
March 03, 2025
Valid Until
April 01, 2026
97 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
65:06:E9:48:5F:30:D4:40:5E:03:44:24:C2:A5:29:02:A7:63:43:DD:CD:D9:AD:92:73:00:E2:5C:CA:A7:60:6A
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +10 more
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' data: blob: https://www.clarity.ms https://tracking.g2crowd.com https://cdn.getkoala.com https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai static.cdn.prismic.io prismic.io js.qualified.com https://js.zoominfo.com https://ws.zoominfo.com; style-src * 'unsafe-inline'; img-src * data: blob: https://www.clarity.ms https://api.getkoala.com images.unsplash.com images.prismic.io responsiveio.cdn.prismic.io https://ws.zoominfo.com; font-src * data:; connect-src * https://www.clarity.ms https://tracking.g2crowd.com https://api.getkoala.com https://olivia.paradox.ai js.qualified.com app.qualified.com wss://ws.qualified.com https://ws.zoominfo.com; frame-src * responsiveio.prismic.io responsiveio-staging.prismic.io; object-src 'none'; form-action *; base-uri 'self'; frame-ancestors 'self' https://slice-simulator.prismic.io https://responsiveio.prismic.io https://responsiveio-staging.prismic.io https://app.rfpio.com; upgrade-insecure-requests ; media-src cdn.plyr.io responsiveio.cdn.prismic.io app.qualified.com
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(), microphone=(), geolocation=()
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Wildcard CAs
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 6 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts