SSL Certificate Analysis for wokiapp.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=wokiapp.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 13, 2025

Valid Until

March 13, 2026 55 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

43:80:A0:F2:C3:36:57:F1:3F:F6:CF:F9:54:94:9F:9B:EC:6B:74:20:6D:36:BE:68:04:E9:DE:B3:30:A8:F9:5A

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; object-src; upgrade-insecure-requests; +9 more

default-src 'self' intent: blob: data:; object-src 'self' blob: data:; upgrade-insecure-requests ; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' https://static.wokiapp.com https://cdn.wokiapp.com https://vercel.live https://vercel.live/_next-live/feedback/feedback.js https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://connect.facebook.net https://sdk-web.y.uno https://sdk-web-card.prod.y.uno https://maps.googleapis.com https://apis.google.com https://l.instagram.com https://instagram.com https://woki.sentry.io https://*.sentry.io https://us-assets.i.posthog.com https://us.i.posthog.com https://*.posthog.com https://www.google.com https://www.gstatic.com https://*.queue-it.net https://analytics.tiktok.com https://*.tiktok.com https://*.facebook.com https://*.fbcdn.net; style-src 'report-sample' 'self' https://static.wokiapp.com https://icons.prod.y.uno * 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://woki.sentry.io https://sentry.io https://o4508275244466176.ingest.us.sentry.io https://static.wokiapp.com; connect-src 'self' data: blob: https://*.queue-it.net *.vercel-insights.com plausible.io https://sockjs-us3.pusher.com wss://ws-us3.pusher.com https://td.doubleclick.net/ https://securetoken.googleapis.com/ https://identitytoolkit.googleapis.com https://analytics.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://gtm-server.api.wokiapp.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google.com/ccm/collect https://google.com/ https://maps.googleapis.com https://td.doubleclick.net/ https://static.wokiapp.com https://cdn.wokiapp.com https://sdk-web.y.uno https://sdk-web-card.prod.y.uno https://wokilatam.firebaseio.com https://api-sandbox.y.uno https://api.y.uno https://*.wokiapp.com https://test.woki.ar https://l.instagram.com https://instagram.com https://woki-web-testing.web.app https://wokilatam.web.app https://*.sentry.io https://o4508275244466176.ingest.us.sentry.io https://us-assets.i.posthog.com https://us.i.posthog.com https://*.posthog.com https://o4508275244466176.ingest.us.sentry.io https://www.google.com https://www.gstatic.com https://analytics.tiktok.com https://*.tiktok.com https://*.facebook.com https://*.fbcdn.net https://*.public.blob.vercel-storage.com https://j8mtphnij3khnjeq.public.blob.vercel-storage.com; font-src 'self' data: https://static.wokiapp.com https://cdn.wokiapp.com https://fonts.gstatic.com https://*.public.blob.vercel-storage.com https://j8mtphnij3khnjeq.public.blob.vercel-storage.com; img-src 'self' data: blob: https://static.wokiapp.com https://cdn.wokiapp.com www.googletagmanager.com * https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com; worker-src 'self' blob:; frame-ancestors *; form-action 'self' https://woki.sentry.io https://sentry.io https://o4508275244466176.ingest.us.sentry.io https://*.ingest.us.sentry.io/ https://www.facebook.com https://*.facebook.com https://www.facebook.com/tr/; frame-src 'self' https://vercel.live/ https://td.doubleclick.net/ https://www.googletagmanager.com https://sdk-web.y.uno https://sdk-web-card.prod.y.uno wokilatam.firebaseapp.com https://wokiapp.com https://td.doubleclick.net https://www.google.com https://www.gstatic.com https://www.facebook.com https://*.facebook.com https://woki-web-testing.web.app https://wokilatam.web.app

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain

wokiapp.com