SSL Certificate Analysis for support.zen.co.uk - Security Grade & TLS Configuration

Open Cached · just now

85/100 SECURITY SCORE

Certificate Information

Subject

CN=*.zen.co.uk

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M01

Valid From

September 18, 2025

Valid Until

October 17, 2026 330 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

2C:4E:3E:21:E4:16:E1:7D:B8:9A:EF:B4:7A:5D:19:75:FC:BD:6E:8E:54:4E:1B:E3:C7:1D:30:2B:63:9B:D0:FF

Alternative Names

41 domains

Security Configuration

TLS Protocols

TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

upgrade-insecure-requests; default-src; script-src; +10 more

upgrade-insecure-requests;default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pi.pardot.com https://*.zen.co.uk https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://az416426.vo.msecnd.net https://*.bizographics.com https://snap.licdn.com https://bat.bing.com https://s3.amazonaws.com https://*.ads.linkedin.com https://errors.angularjs.org https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.googleadservices.com https://tagmanager.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://secure.leadforensics.com https://www.details-enterprise-7.com https://secure.quantserve.com https://rules.quantcount.com https://platform.twitter.com https://cdn.syndication.twimg.com https://connect.facebook.net https://widget.trustpilot.com https://dec.azureedge.net https://cdn.insight.sitefinity.com https://static.mention-me.com https://tag.mention-me.com https://optimize.google.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://static.ads-twitter.com https://analytics.twitter.com https://secure.adnxs.com https://www.facebook.com https://websites.cdn.getfeedback.com https://*.popupsmart.com https://p.teads.tv https://player.vimeo.com https://tags.srv.stackadapt.com https://tools.luckyorange.com https://*.clarity.ms https://*.expertrec.com blob: https://*.sub2tech.com https://ads.nextdoor.com https://service.force.com https://zeninternet.my.salesforce.com https://*.salesforceliveagent.com https://static.lightning.force.com https://lightening.secure.force.com https://*.static.lightning.force.com https://zeninternet.my.salesforce-sites.com https://www.youtube.com https://d1bziodztiw2c7.cloudfront.net https://dev.visualwebsiteoptimizer.com https://www.awin1.com https://www.dwin1.com https://assets.brandswap.com https://lantern.roeyecdn.com https://d16fk4ms6rqz1v.cloudfront.net https://data.perfmaker.net https://smct.co https://analytics-event.com https://the.sciencebehindecommerce.com https://plausible.io;object-src 'none';style-src 'self' 'unsafe-inline' https://platform.twitter.com https://ton.twimg.com https://tagmanager.google.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://optimize.google.com https://*.popupsmart.com https://tags.srv.stackadapt.com https://service.force.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com;img-src 'self' blob: https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://i.ytimg.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://gtrk.s3.amazonaws.com https://*.zen.co.uk/ https://zen-marketingwebsite-data.s3.amazonaws.com https://zen-marketingwebsite2-data.s3.amazonaws.com https://zen-marketingwebsite.s3.amazonaws.com https://cdn-ukwest.onetrust.com data: https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://t.co https://www.facebook.com https://*.ads.linkedin.com https://www.linkedin.com https://*.gstatic.com https://pixel.quantserve.com https://bat.bing.com https://secure.adnxs.com https://*.popupsmart.com https://*.teads.tv https://i.vimeocdn.com https://*.clarity.ms https://d20j3a1e4m2ov9.cloudfront.net https://flask.nextdoor.com https://www.youtube.com https://dev.visualwebsiteoptimizer.com https://www.awin1.com https://plausible.io;media-src 'self';frame-src 'self' https://www.youtube.com https://player.vimeo.com https://myaccount.zen.co.uk https://www.google.com https://maps.google.com https://optimize.google.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://identity.testing.zen.co.uk https://identity.zen.co.uk https://widget.trustpilot.com https://mention-me.com https://zen.mention-me.com https://servedby.flashtalking.com https://www.getfeedback.com https://zeninternet.getfeedback.com https://dubb.com https://12507069.fls.doubleclick.net https://td.doubleclick.net https://view.genial.ly https://view.genially.com https://cloud.e.zen.co.uk https://service.force.com https://zeninternet.my.salesforce.com https://www.awin1.com https://www.mainadv.com;font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com data:;connect-src 'self' https://www.google-analytics.com https://www.googleadservices.com https://www.google.co.uk https://region1.google-analytics.com https://region1.analytics.google.com https://nl-api.dec.sitefinity.com https://nl-api.insight.sitefinity.com https://zen-marketingwebsite.s3.amazonaws.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://privacyportal-uk.onetrust.com https://stats.g.doubleclick.net https://tag.mention-me.com https://mention-me.com https://graph.facebook.com https://*.popupsmart.com https://*.teads.tv https://tags.srv.stackadapt.com https://cdn.linkedin.oribi.io https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live https://dev.visualwebsiteoptimizer.com https://*.clarity.ms https://*.expertrec.com https://flask.nextdoor.com https://lightening.secure.force.com https://zeninternet.my.salesforce-sites.com https://apm.zen.co.uk https://ih4anl1qy8.execute-api.eu-west-1.amazonaws.com https://*.zen.co.uk https://tagapi.brandswap.com https://the.sciencebehindecommerce.com https://plausible.io;frame-ancestors 'self' https://portal.zenbusiness.co.uk https://enlighten2.testing.zen.co.uk https://enlighten2.zen.co.uk https://12507069.fls.doubleclick.net;worker-src 'self' blob:;report-uri /WebResource.axd?cspReport=true

X-Frame-Options

Present

SameOrigin,SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports