Open
Cached
·
just now
89/100
SECURITY SCORE
Certificate Information
Subject
CN=*.wearetnv.com
Issuer
C=US, O=Let's Encrypt, CN=E8
Valid From
November 25, 2025
Valid Until
February 23, 2026
86 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA384
SHA-256 Fingerprint
8D:A4:36:33:31:76:70:DA:A3:9F:38:A3:8F:C4:FD:AA:78:31:AE:EF:CC:7A:A3:92:60:18:28:23:52:A0:53:BE
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=2592000
Content-Security-Policy
Basic
default-src; child-src; connect-src; +7 more
default-src 'self' *.mightynetworks.com *.mn.co; child-src 'self' blob: *; connect-src 'self' *.akamaized.net *.amazonaws.com/upload.usersnap.com *.analytics.google.com *.chime.aws *.facebook.com *.google-analytics.com *.googlesyndication.com *.imgix.net *.live-video.net *.kaltura.com *.mightynetworks.com *.mn.co analytics.google.com adservice.google.com api.getrewardful.com api.segment.io api.stripe.com api-iam.intercom.io app.brightback.com bat.bing.com capture.trackjs.com cdn.jsdelivr.net cdn.linkedin.oribi.io cdn.segment.com js.stripe.com rum.browser-intake-datadoghq.com session-replay.browser-intake-datadoghq.com sockjs.pusher.com statsigapi.net featuregates.org featureassets.org prodregistryv2.org events.statsigapi.net stats.g.doubleclick.net translate.google.com translate.googleapis.com uploads.intercomcdn.com widget.usersnap.com ws.pusherapp.com www.google.com www.googletagmanager.com www.googleadservices.com fonts.googleapis.com logs.browser-intake-datadoghq.com analytics.tiktok.com *.wistia.com *.sentry-cdn.com rootabl.web.app myrootabl.com *.linkedin.com *.vimeo.com vimeo.com www.wbus0a0h.com *.prosperstack.com d8acyc0zqfjzr.cloudfront.net media2-production.mightynetworks.com wss:; media-src 'self' blob: data: *; font-src 'self' data: fonts.gstatic.com fonts.intercomcdn.com *.mightynetworks.com *.mn.co; img-src 'self' blob: data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.chime.aws *.capterra.com *.google-analytics.com *.googlesyndication.com *.mightynetworks.com *.mn.co *.usersnap.com ajax.googleapis.com apis.google.com app.brightback.com bat.bing.com cdnjs.cloudflare.com static.cloudflareinsights.com cdn.embedly.com cdn.jsdelivr.net cdn.segment.com cdn.trackjs.com code.highcharts.com connect.facebook.net googleads.g.doubleclick.net js.intercomcdn.com js.stripe.com snap.licdn.com static.ads-twitter.com stats.pusher.com translate.google.com translate.googleapis.com widget.intercom.io www.datadoghq-browser-agent.com www.googletagmanager.com www.google.com www.gstatic.com www.googleadservices.com www.youtube.com analytics.tiktok.com *.wistia.com *.sentry-cdn.com app.rootabl.com myrootabl.com *.linkedin.com vimeo.com *.vimeo.com www.wbus0a0h.com *.prosperstack.com; object-src 'none'; style-src 'self' blob: data: 'unsafe-inline' *.mightynetworks.com *.mn.co cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com; report-uri /api/web/v1/analytics/csp_violations
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports