SSL Certificate Analysis for www.serviceforge.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=www.serviceforge.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

December 11, 2025

Valid Until

March 11, 2026 51 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D2:A6:1D:27:04:8B:FE:53:2E:0F:56:1B:09:22:A3:43:72:4C:3F:6E:9E:5A:1E:9A:CC:13:8D:18:37:20:41:61

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; frame-ancestors; form-action; +11 more

default-src 'self'; frame-ancestors 'self' https://www.youtube.com/; form-action https://www.facebook.com/tr/; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://vercel.live/ https://script.tapfiliate.com/ https://*.googletagmanager.com/ https://my.setmore.com/ https://tagmanager.google.com/ https://ajax.googleapis.com/ https://*.google-analytics.com/ https://*.chatsupport.co blob: https://*.smartlook.com https://*.smartlook.cloud https://www.googleadservices.com/pagead/ https://*.tiktok.com/ https://bat.bing.com/ https://www.clickcease.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://g.microsoft.com/ https://signup.staging.serviceforge.com/ https://signup.serviceforge.com/ https://*.clarity.ms/ https://www.facebook.com/signals/ https://assets.serviceforge.com/ http://widget.trustpilot.com/ https://consent.cookiebot.eu/ https://cdn.callrail.com/ https://js.callrail.com/; font-src 'self' data: https://storage.googleapis.com/livesupport/ https://use.typekit.net/ ; connect-src 'self' https://api.github.com/ https://capig.stape.cc/ https://script.tapfiliate.com/tapfiliate.js https://assets.serviceforge.com/ https://consentcdn.cookiebot.com https://*.google-analytics.com/ wss://stagingrtm.anywhereworks.com/ wss://rtmserver.anywhereworks.com/ https://stats.g.doubleclick.net/ https://api.chatsupport.co/ https://script.googleusercontent.com/macros/ https://signup.staging.serviceforge.com/ https://bat.bing.com/actionp/ https://monitor.clickcease.com/conversions/ https://www.facebook.com/ https://frstre.com/ https://www.youtube.com/ https://*.clarity.ms/ https://*.chatsupport.co https://signup.serviceforge.com https://analytics.google.com/ https://*.smartlook.com https://*.smartlook.cloud https://*.analytics.google.com/ https://*.googletagmanager.com/ https://*.tiktok.com/ https://script.google.com/a/anywhere.co/macros/ https://vercel.live/api/ https://analytics.pangle-ads.com/api/ https://pagead2.googlesyndication.com/ https://storage.googleapis.com/ https://www.google.com/ https://px.ads.linkedin.com/ https://js.callrail.com/ https://capig.stape.ca/ https://google.com/ ; img-src 'self' blob: data: https://www.gravatar.com/ https://storage.googleapis.com/ https://avatars.githubusercontent.com/ https://*.google-analytics.com/ https://imgsct.cookiebot.com/1.gif https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://*.googletagmanager.com/ https://assets.serviceforge.com/ https://*.gstatic.com/ https://*.google.com/ https://assets.setmore.com https://*.google.co.in/ https://*.bing.com/ https://*.g.doubleclick.net/ https://google.com/ https://pixel.advertising.com/ https://www.facebook.com/* https://avatar.anywhere.app/files/ https://storage.chatsupport.co http://avatar.anywhere.app/ https://*.chatsupport.co https://lh3.googleusercontent.com/ https://c.clarity.ms/ https://www.facebook.com/tr/ https://px.ads.linkedin.com/ https://www.linkedin.com/ ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://www.google-analytics.com/ https://my.setmore.com/ https://www.googletagmanager.com/ https://use.typekit.net/ https://p.typekit.net/; media-src 'self' https://storage.googleapis.com/livesupport/ https://assets.serviceforge.com/ https://*.chatsupport.co https://storage.googleapis.com/; frame-src 'self' data: https://consentcdn.cookiebot.com https://www.googletagmanager.com/ https://www.facebook.com/ https://bid.g.doubleclick.net/ https://td.doubleclick.net/ https://*.setmore.com/ https://www.youtube.com/ https://vercel.live/ https://widget.trustpilot.com/ https://consentcdn.cookiebot.eu/ ; object-src 'self'; child-src 'self' blob: gap:; worker-src 'self' blob:;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

1 domain