SSL Certificate Analysis for www.goabode.com - Security Grade & TLS Configuration

Open Cached · just now

84/100 SECURITY SCORE

Certificate Information

Subject

CN=www.goabode.com

Issuer

C=US, O=Let's Encrypt, CN=E8

Valid From

December 18, 2025

Valid Until

March 18, 2026 50 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

66:42:16:DD:83:47:51:1C:B8:E0:66:13:78:A0:3F:63:8C:ED:FD:72:54:0E:FB:BB:98:EA:9F:F9:10:AF:51:38

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

default-src; script-src; style-src; +10 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.app-ninja.com https://*.afterpay.com/ https://s3-us-west-2.amazonaws.com/jsstore/ https://*.doubleclick.net/ https://*.googletagmanager.com https://www.google-analytics.com/ https://www.googletagmanager.com https://js.intercomcdn.com/ https://js.squarecdn.com/ https://js.stripe.com/ https://maps.googleapis.com/ https://static-tracking.klaviyo.com/ https://static.klaviyo.com/ https://widget.intercom.io/ https://www.affirm.com/ https://static.intercomassets.com/ https://cdn1.affirm.com https://m.stripe.network https://www.paypal.com/sdk/js https://www.paypalobjects.com/muse/muse.js https://www.redditstatic.com/ads/pixel.js https://www.refersion.com/ https://www.youtube.com/ https://yoast.com/ https://abodestore.wpenginepowered.com/ https://tracker.affirm.com/ https://messenger-apps.intercom.io/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://static.klaviyo.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.app-ninja.com https://google.com/ https://*.afterpay.com https://*.affirm.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net https://tracker.affirm.com/ https://js.intercomcdn.com/ https://messenger-apps.intercom.io/ https://a.klaviyo.com https://api-iam.intercom.io https://cdn-assets.affirm.com https://fast.a.klaviyo.com https://fonts.googleapis.com https://iq.afterpay.com https://maps.googleapis.com https://pixel-config.reddit.com https://portal.afterpay.com https://rp.liadm.com https://static-forms.klaviyo.com https://www.affirm.com https://downloads.intercomcdn.com/ https://static.intercomassets.com/ https://www.paypal.com https://www.redditstatic.com https://yoast.com wss://nexus-websocket-a.intercom.io; font-src 'self' data: https://fonts.gstatic.com https://fonts.intercomcdn.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://td.doubleclick.net https://www.googletagmanager.com https://js.stripe.com https://placement-api.us.afterpay.com https://portal.afterpay.com https://www.paypalobjects.com https://www.youtube.com https://www.refersion.com https://*.affirm.com/; img-src 'self' data: https://www.google-analytics.com/ https://www.google.com/ https://woocommerce.com/ https://*.ytimg.com/ https://*.cloudfront.net/company/Msy8XU/ https://maps.googleapis.com/ https://js.intercomcdn.com/ https://alb.reddit.com https://maps.gstatic.com https://secure.gravatar.com https://site-assets.afterpay.com https://static.afterpay.com https://t.paypal.com https://static.intercomassets.com/ https://downloads.intercomcdn.com/ https://tracker.affirm.com/ https://messenger-apps.intercom.io/; manifest-src 'self'; frame-ancestors 'self' https://*.intercomcdn.com/ https://*.affirm.com/ https://*.afterpay.com; media-src 'self' https://*.intercomcdn.com/ https://*.cloudfront.net/company/Msy8XU/; worker-src blob:;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Present

same-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Content-Type-Options: nosniff
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain