Security Score: 92/100
Certificate Information
Subject: CN=status.allcloud.in
Issuer: C=US, O=Let's Encrypt, CN=R12
Valid From: January 06, 2026
Valid Until: April 06, 2026 (61 days)
Public Key: RSA, 4096 bit (Strong)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: F7:03:BF:23:6E:09:DA:72:F9:C7:2E:5F:BA:D8:EA:D7:B2:7B:CC:90:16:90:0A:8C:E3:21:84:2D:75:E2:C9:4A
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Strict-Transport-Security (Present): max-age=15724800; includeSubDomains
Content-Security-Policy (Basic): frame-ancestors; block-all-mixed-content; default-src; +13 more
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://rum-agent.na-01.cloud.solarwinds.com https://*.sentry.io https://*.nr-data.net https://app.intercom.io https://browser.sentry-cdn.com https://cdn.jsdelivr.net https://cdn.lr-in-prod.com https://cdn.headwayapp.co https://cdnjs.cloudflare.com https://js.sentry-cdn.com https://js.userflow.com https://cdn.userflow.com https://js.getuserflow.com https://js-agent.newrelic.com https://js.intercomcdn.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://widget.intercom.io https://*.hsforms.net https://*.hsforms.com;style-src 'self' 'report-sample' 'unsafe-inline' *.bootstrapcdn.com cdn.jsdelivr.net cdn.headwayapp.co cdn.userflow.com js.userflow.com cdnjs.cloudflare.com fonts.googleapis.com js.userflow.com;object-src 'none';frame-src 'self' headway-widget.net www.intercom-reporting.com https://*.hsforms.net https://*.hsforms.com;child-src 'self' fast.wistia.net intercom-sheets.com player.vimeo.com www.youtube.com www.intercom-reporting.com;img-src 'self' data: https: http: *.lr-in-prod.com *.squadcast.tech *.squadcast.xyz *.squadcast.com blob.userflow.com cdn.userflow.com js.userflow.com storage.googleapis.com/studio1-prod-blob/ *.intercomcdn.com *.intercom-cdn.com *.sentry.io;font-src 'self' data: *.bootstrapcdn.com *.intercomcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com;connect-src 'self' data: https: http: wss: ws: *.cubecloudapp.dev cdn.userflow.com js.userflow.com e.userflow.com *.lr-in-prod.com *.squadcast.com *.squadcast.xyz *.squadcast.tech *.intercom.io *.nr-data.net *.sentry.io cdn.jsdelivr.net cdnjs.cloudflare.com e.userflow.com fonts.gstatic.com fonts.googleapis.com storage.googleapis.com sentry.io uploads.intercomusercontent.com uploads.intercomcdn.com https://rum-collector.na-01.cloud.solarwinds.com;manifest-src manifest-src 'self';base-uri 'self';form-action 'self' api-iam.intercom.io intercom.help https://*.hsforms.net https://*.hsforms.com;media-src 'self' blob: *.lr-in-prod.com js.intercomcdn.com blob.userflow.com cdn.userflow.com storage.googleapis.com/studio1-prod-blob/ *.squadcast.com *.squadcast.tech *.squadcast.xyz storage.googleapis.com ;worker-src 'self' blob:
X-Frame-Options (Good): SAMEORIGIN
X-Content-Type-Options (Good): nosniff
Referrer-Policy (Good): strict-origin-when-cross-origin
Permissions-Policy (Present): accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports