Open
Cached
·
just now
92/100
SECURITY SCORE
Certificate Information
Subject
CN=*.survicate.com
Issuer
C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA DV R36
Valid From
August 25, 2025
Valid Until
September 25, 2026
273 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
DE:81:C2:6C:A9:E2:22:92:76:A0:2B:F7:60:E6:66:60:45:C4:32:EF:80:C3:6B:0E:B1:C3:27:A8:22:FF:CD:65
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; media-src; img-src; +2 more
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.website-files.com https://*.prod.website-files.com https://uploads-ssl.webflow.com https://webflow.com https://*.survicate.com https://*.survicate-cdn.com https://*.intercom.io wss://*.intercom.io https://*.intercom-messenger.com wss://*.intercom-messenger.com https://*.intercomcdn.com https://static.intercomassets.com https://*.cookiebot.com https://www.googletagmanager.com https://d3e54v103j8qbb.cloudfront.net https://*.google-analytics.com https://*.googlesyndication.com https://*.analytics.google.com https://analytics.google.com https://adservice.google.com www.googleadservices.com https://stats.g.doubleclick.net https://td.doubleclick.net https://assets.calendly.com https://calendly.com https://tracking.g2crowd.com https://*.g2.com https://cdn.mxpnl.com https://api-js.mixpanel.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com/ https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hs-banner.com *.hsforms.net *.hsforms.com https://forms.hubspot.com https://js.partnerstack.com partnerlinks.io https://grsm.io *.sharethis.com ipapi.co https://www.youtube-nocookie.com https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.googleapis.com https://fonts.gstatic.com https://bcp.crwdcntrl.net https://survicate.traffit.com https://cdn.embedly.com/ https://*.demio.com https://tube.rvere.com https://*.storylane.io https://app.getcontrast.io https://sc.lfeeder.com https://jscloud.net https://*.ahrefs.com; media-src https: data:; img-src https: data:; worker-src 'self' blob:; report-to csp-endpoint-landing;
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports