Open
Cached
·
just now
88/100
SECURITY SCORE
Certificate Information
Subject
CN=*.capacity.com
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M04
Valid From
December 16, 2025
Valid Until
January 14, 2027
388 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
5F:01:23:A3:18:C2:D8:35:A7:27:9A:9A:37:51:26:9D:CC:93:A6:F9:BC:EC:87:4B:C8:39:EB:D2:7F:9A:EE:FB
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- • TLS 1.3 is not supported (recommended)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; font-src; style-src; +5 more
default-src 'self' *.aisoftware.com *.capacity.com *.userpilot.io 127.0.0.1:36850 https://*.boxcloud.com https://surfly.com https://aisoftware-core-application-assets.s3.us-east-1.amazonaws.com https://aisoftware-recordings-prod.s3.amazonaws.com https://app.getbeamer.com/js/beamer-embed.js https://browser-intake-datadoghq.com; font-src 'self' data: use.typekit.net fonts.gstatic.com fonts.googleapis.com https://*.getbeamer.com; style-src 'self' 'unsafe-inline' *.aisoftware.com *.capacity.com *.userpilot.io fonts.googleapis.com https://surfly.com https://*.getbeamer.com https://*.google-analytics.com https://*.googletagmanager.com https://*.boxcloud.com https://browser-intake-datadoghq.com; img-src * data: cid: urn: blob: https://*.google-analytics.com https://*.googletagmanager.com https://browser-intake-datadoghq.com; script-src 'self' blob: 'sha256-iuvXKJJeJnio6fSzayKorIbh/3zigd8fq14oT821f/U=' 'sha256-hyjsy5KPO8ohFtNDlOK5LQJXjXquz/7wZmOjZwQVhec=' 'sha256-FzAh3M9C/8KMRmJc/j5Dqn7kMdZXqmsW3u5248nHRwY=' 'sha256-fxjOcoNR7xb63OlfQ9/5EJMedjiI2/XVXZVoxc6NcYQ=' 'sha256-9MDnmkDlmXeK8XS6beFBi8UEXaANwh6GNB3T3SGiSjM=' 'sha256-FW/rloxQxs80AhWMAd8b8C/dAOx/jPIdf4KWH+iInMs=' 'sha256-kGUQiECb7HTB3+cdt9SV9OGtiju37vTHScB5TlU3tzo=' *.capacity.com *.aisoftware.com *.capacity.com *.userpilot.io use.typekit.net https://*.getbeamer.com https://*.googletagmanager.com https://*.boxcloud.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://surfly.com https://browser-intake-datadoghq.com; connect-src 'self' data: *.files.capacity.com *.aisoftware.com *.capacity.com *.textel.net *.userpilot.io *.googleapis.com wss://*.capacity.com wss://*.userpilot.io wss://127.0.0.1:36850 ws://127.0.0.1:36849 wss://foundation-na-signalr.service.signalr.net foundation-na-signalr.service.signalr.net https://*.getbeamer.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.boxcloud.com https://s3.amazonaws.com https://o171589.ingest.sentry.io http://aisoftware-concierge-kill-switch.s3-website-us-east-1.amazonaws.com https://surfly.com
https://browser-intake-datadoghq.com; frame-src * 'self'; frame-ancestors 'self' *.capacity.com *.external.capacity.com *.userpilot.io https://*.niceincontact.com https://*.incontact.com https://*.office.com https://*.boxcloud.com https://browser-intake-datadoghq.com https://*.five9.com https://surfly.com https://app.getbeamer.com https://apps.mypurecloud.com https://niceincontact.com https://incontact.com https://mail.google.com https://office.com https://zendesk.com https://five9.com
https://browser-intake-datadoghq.com;
X-Frame-Options
Excellent
deny
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
22 domains
*.capacity.com
*.portal.capacity.com
resources.archstl.org
help.avive.life
test-sso.capacityconsole.com
support.creovai.com
help.crossbar.org
support.denimsocial.com
employees.flashfundingmortgage.com
publicsupport.gatewaystaff.com
support.gatewaystaff.com
*.hellocapacity.ai
support.letslinc.com
support.lucy.ai
support.marketmakercre.com
mac.masonmac.ai
help.netgain.tech
support.netgain.tech
leo.prmg.net
support.serviam.org
support.textel.net
support.ycbm.ai
Other domains in certificate