92/100
SECURITY SCORE
Certificate Information
Subject: CN=www.devo.com
Issuer: C=US, O=Google Trust Services, CN=WE1
Valid From: December 21, 2025
Valid Until: March 21, 2026 (66 days)
Public Key: ECDSA, 256 bit (P-256), Adequate
Signature Algorithm: ECDSA-SHA256
SHA-256 Fingerprint: 58:3D:EC:87:06:40:AA:33:1F:0F:66:CB:5E:B5:68:3D:B8:39:3E:A0:D4:49:9A:ED:70:03:9F:D2:91:A7:54:91
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (header: status, value)
Strict-Transport-Security: Good (max-age=63072000; includeSubDomains)
Content-Security-Policy: Basic (default-src; script-src; style-src; +9 more)
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://play.vidyard.com https://www.devo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bugherd.com https://acsbapp.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://devo734.outgrow.us https://js.hs-scripts.com https://dyv6f9ner1ir9.cloudfront.net https://sidebar.bugherd.com https://play.vidyard.com https://www.gartner.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://js.hsforms.net https://view.ceros.com https://www.googleadservices.com https://cdn.mouseflow.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://tag.demandbase.com https://ws.zoominfo.com https://j.6sc.co https://cdn.pdst.fm https://jobs.jobvite.com https://js.hubspot.com https://optimize.google.com https://www.googleoptimize.com https://yoast.com https://my.yoast.com https://dev.visualwebsiteoptimizer.com https://www.devo.com https://js.storylane.io/js/v1/storylane.js https://js.storylane.io https://www.google.com https://www.gstatic.com https://www.youtube.com https://bugcrowd.com/ https://assets.bugcrowdusercontent.com/assets/packs/external_submissions-b3f69456b390e9020f61ae89e8eec3f6c050062571ce52bcb6fda6d0d81e2828.js https://static.hotjar.com https://script.hotjar.com/ https://bat.bing.com https://www.clarity.ms google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.gartner.com https://optimize.google.com https://www.googleoptimize.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set https://www.devo.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://track.hubspot.com 
https://play.vidyard.com https://cdn.vidyard.com https://reviews.static.gartner.com https://forms.hsforms.com https://forms-na1.hsforms.com https://sidebar.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://www.facebook.com https://id.rlcdn.com https://b.6sc.co https://t.co https://segments.company-target.com https://connect.facebook.net https://cdn.acsbapp.com https://www.linkedin.com https://perf-na1.hsforms.com https://optimize.google.com https://ps.w.org https://ad.doubleclick.net https://via.placeholder.com https://cta-service-cms2.hubspot.com https://dev.visualwebsiteoptimizer.com https://www.devo.com https://static.hubspot.com https://www.gstatic.com https://www.google.com https://static.hsappstatic.net https://i.ytimg.com https://hcti.io/v1/image/9efe83a8-37ab-4130-8e49-0c314f7d5104 https://www.gartner.com/peer-insights/vendor-portal/public/Widget/img/stars.png https://devo-uploads.s3.amazonaws.com/uploads/2024/12/bottom-line.png https://devo-uploads.s3.amazonaws.com/uploads/2024/12/Rectangle-4311.jpg https://devo-uploads.s3.amazonaws.com https://www.gartner.com https://bat.bing.com https://www.googleadservices.com https://adservice.google.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.googletagmanager.com; connect-src 'self' https://js.hs-banner.com https://cdn.acsbapp.com https://forms.hubspot.com https://sessions.bugsnag.com https://notify.bugsnag.com https://api.hubapi.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://n2.mouseflow.com https://cdn.linkedin.oribi.io https://ipv6.6sc.co https://api.company-target.com https://tag-logger.demandbase.com https://us-central1-adaptive-growth.cloudfunctions.net 
https://secure.adnxs.com https://ws.zoominfo.com https://c.6sc.co https://segments.company-target.com https://cta-service-cms2.hubspot.com https://pagead2.googlesyndication.com https://my.yoast.com https://acsbapp.com https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.devo.com https://forms-na1.hsforms.com https://www.gstatic.com https://www.google.com https://pixels.spotify.com/v1/ingest wss://ws.hotjar.com/api/v2/client/ws https://content.hotjar.io/ https://autocomplete.demandbase.com/api/v5/email.json https://forms-na1.hubspot.com/submissions-validation/v1/validate/3911167/93b708a5-5a2c-429c-bc2d-3abd34960db7 https://forms-na1.hubspot.com/submissions-validation/v1/validate/3911167/1979e138-a1d1-4cb4-8e79-4a18547c5ce2 https://vc.hotjar.io/ https://www.google-analytics.com/ https://metrics.hotjar.io/ https://p.clarity.ms https://google.com https://api.storylane.io https://e.clarity.ms https://bat.bing.com https://ad.doubleclick.net https://l.clarity.ms www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://www.gartner.com https://www.devo.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' https://www.devo.com; frame-src 'self' https://devo734.outgrow.us https://sidebar.bugherd.com https://play.vidyard.com https://www.gartner.com https://view.ceros.com data: blob: https://cdn.vidyard.com https://playlist.megaphone.fm https://forms.hsforms.com https://11605080.fls.doubleclick.net https://s.company-target.com https://www.facebook.com https://jobs.jobvite.com https://cta-service-cms2.hubspot.com https://3911167.hs-sites.com https://optimize.google.com https://td.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://www.devo.com https://app.storylane.io https://forms-na1.hsforms.com https://www.gstatic.com https://www.google.com https://bugcrowd.com 
https://devo.storylane.io/ www.googletagmanager.com; child-src 'self' blob: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content;
X-Frame-Options: Good (SAMEORIGIN)
X-Content-Type-Options: Good (nosniff)
Referrer-Policy: Good (no-referrer-when-downgrade)
Permissions-Policy: Present (camera=())
Recommendations
- Consider adding 'preload' to HSTS for maximum security
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports