SSL Certificate Analysis for sleekplan.com - Security Grade & TLS Configuration

Open Cached · just now

91/100 SECURITY SCORE

Certificate Information

Subject

CN=sleekplan.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M04

Valid From

July 30, 2025

Valid Until

August 27, 2026 217 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

68:1F:53:D7:56:D5:6D:B1:DE:F8:B2:7C:DD:1F:51:9B:59:5B:4C:3D:6E:75:9A:5B:DC:6E:7A:28:DF:D8:E3:79

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000; includeSubdomains; preload

Content-Security-Policy

Good

default-src; script-src; style-src; +12 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' blob: https://*.sleekplan.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://unpkg.com/@stoplight/elements/web-components.min.js https://*.cookie-script.com https://*.partnero.com https://*.cello.so https://sleekplan-calendar.pikapod.net; style-src 'self' 'unsafe-inline' 'report-sample' https://*.sleekplan.com https://unpkg.com; img-src 'self' data: blob: https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://google.com https://*.sleekplan.com https://cdn0.capterra-static.com https://i.ytimg.com https://images.contentful.com https://images.g2crowd.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://images.ctfassets.net https://sleekplan.hel1.your-objectstorage.com; font-src 'self' https://*.sleekplan.com https://js.intercomcdn.com https://fonts.intercomcdn.com; connect-src 'self' https://*.sleekplan.cloud https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.google.com https://google.com https://*.sleekplan.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.eu.intercomcdn.com https://uploads.intercomusercontent.com https://stoplight.io https://*.cello.so; media-src 'self' https://*.sleekplan.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com; object-src 'none'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'self' https://*.sleekplan.app https://*.sleekplan.com https://www.youtube.com https://www.googletagmanager.com https://td.doubleclick.net https://sleekplan-calendar.pikapod.net; worker-src 'none'; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; base-uri 'self'; manifest-src 'self'; report-uri https://ingest.sleekplan.com/api/6/security/?sentry_key=4fc8892ed8ef47ef5979a72c63e99bdb

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

sleekplan.com *.sleekplan.com