SSL Certificate Analysis for scalar.ca - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Unknown Certificate Authority - the server's certificate is not trusted

Open Cached · just now

85/100 SECURITY SCORE

Certificate Information

Subject

UNKNOWN=02909227, UNKNOWN={:asn1_OPENTYPE, <<19, 2, 85, 83>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 8, 73, 108, 108, 105, 110, 111, 105, 115>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, C=US, ST=Illinois, O=CDW LLC, CN=cdw.com

Issuer

C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA EV R36

Valid From

October 21, 2025

Valid Until

April 11, 2026 103 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

74:E4:E3:32:1F:F3:2A:D5:AF:0E:A6:60:84:69:02:05:F1:8D:67:B8:E2:23:70:D2:EB:6D:35:7E:BE:4D:B7:2F

Alternative Names

7 domains

Security Configuration

TLS Protocols

TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Good

default-src; script-src; style-src; +7 more

default-src 'self';script-src 'self' 'unsafe-inline' *.cdw.com *.cdw.ca *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.akamaihd.net *.google.com *.justuno.com *.demdex.net *.d41.co *.cxense.com pactsafe.io *.webcollage.net *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com *.youtube.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cloudfront.net *.bluecore.com blob: data.g2.com *.g2crowd.com *.omtrdc.net *.spexlive.net *.gstatic.com *.turnto.com *.licdn.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hsadspixel.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com accessibilityserver.org *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.stackadapt.com *.administrateweblink.com *.stripe.com *.pactsafe.io *.sketchfab.com *.fiservapps.com sierra.chat *.algorecs.com *.officeperceptioninstinct.com *.oktapreview.com *.okta.com *.jst.ai *.onelink-edge.com justone.ai *.adobedtm.com *.mktoresp.com *.mktoapi.com *.mktoweb.com *.mktoedge.com *.adobedc.net *.marketo.net *.adoberesources.net;style-src 'self' 'unsafe-inline' *.cdw.com *.cdw.ca *.needle.com *.googleapis.com *.justuno.com *.webcollage.net *.easy2.com *.amazonaws.com *.cloudfront.net blob: *.typekit.net *.omtrdc.net *.spexlive.net *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.stackadapt.com *.administrateweblink.com *.stripe.com *.sketchfab.com sierra.chat *.adobedtm.com;img-src 'self' *.cdw.com *.cdw.ca *.qualtrics.com *.optimizely.com *.needle.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.akamaihd.net *.google.com *.justuno.com *.demdex.net *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com *.ytimg.com *.youtube.com *.easy2.com *.amazonaws.com *.linkedin.com *.facebook.com *.cloudfront.net *.adobecqms.net *.everesttech.net *.bluecore.com cdn.optimizely.com data: *.omtrdc.net *.spexlive.net *.windows.net *.turnto.com *.edgecastcdn.net *.licdn.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot.com *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.redditstatic.com *.reddit.com *.scene7.com *.vidyard.com *.vimeocdn.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.stackadapt.com *.pactsafe.io *.administratehq.com *.sketchfab.com sierra.chat *.officeperceptioninstinct.com *.oktapreview.com *.okta.com *.jst.ai *.hubspotusercontent-na1.net justone.ai *.adobedtm.com *.mktoedge.com;frame-src 'self' *.cdw.com *.cdw.ca *.qualtrics.com *.needle.com *.doubleclick.net *.google.com *.justuno.com *.demdex.net *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com *.youtube.com *.easy2.com *.facebook.com *.cloudfront.net *.cdwemail.com *.kingston.com *.spexlive.net *.swcontentsyndication.com *.exacttarget.com *.exct.net *.simplecast.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.userway.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.administrateweblink.com *.stripe.com *.sketchfab.com *.fiservapps.com *.microsoft.com justone.ai *.mktoweb.com *.adobedc.net;font-src * data:;connect-src 'self' *.cdw.com *.cdw.ca *.richrelevance.com *.qualtrics.com *.optimizely.com *.needle.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googleapis.com *.akamaihd.net *.google.com *.justuno.com *.demdex.net *.d41.co *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com *.go-mpulse.net *.linkedin.com *.facebook.com *.cloudfront.net *.bluecore.com *.akstat.io data.g2.com *.g2crowd.com *.omtrdc.net *.spexlive.net *.turnto.com *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com accessibilityserver.org *.userway.org *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.onetrust.com *.oribi.io *.cookielaw.org *.stackadapt.com *.administrateweblink.com *.pactsafe.io *.administratehq.com *.sketchfab.com sierra.chat *.algorecs.com *.onelink-edge.com *.adobedtm.com *.mktoresp.com *.mktoapi.com *.mktoweb.com *.mktoedge.com *.adobedc.net *.marketo.net;object-src 'self' *.cdw.com *.scene7.com;media-src 'self' *.cdw.com *.webcollage.net *.youtube.com blob: *.spexlive.net *.syndigo.com *.syndigo.cloud *.userway.org *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;worker-src 'self' *.needle.com *.cloudfront.net blob:;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

7 domains

aptris.com

cdw.ca

cdw.com getit.cdw.com policy.cdw.com

cdwg.com