SSL Certificate Analysis for www.sixflags.com - Security Grade & TLS Configuration

Open Cached · just now

78/100 SECURITY SCORE

Certificate Information

Subject

CN=www.sixflags.com

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M04

Valid From

November 04, 2025

Valid Until

December 03, 2026 340 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

07:A2:D2:DD:7E:A6:97:CA:FA:EB:BD:CD:EE:EF:EB:9F:99:22:3C:3B:25:B3:02:09:AE:1F:E1:2B:B9:AC:CF:96

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

default-src; script-src; style-src; +13 more

default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kargo.com tag.bounceexchange.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com *.rfihub.com *.rfihub.net *.sixflags.com *.googletagmanager.com *.googlesyndication.com storage.googleapis.com *.youtube.com *.ujet.co *.sentry-cdn.com *.algolia.net *.algolianet.com *.sixflags.net *.abtasty.com *.osano.com *.api.osano.com *.datasubject.com *.quantummetric.com *.clarity.ms core.sanity-cdn.com acsbapp.com authjs.dev unpkg.com *.ondigitalocean.app *.attractions.io *.pinterest.com connect.facebook.net *.buy.sixflags.com *.store.sixflags.com s.pinimg.com *.g.doubleclick.net https://bat.bing.com/bat.js https://live.rezync.com https://cdn.boomtrain.com https://bat.bing.com https://bat.bing.com/p/action https://bat.bing.com/p/action/247012320.js https://connect.facebook.net/en_US/fbevents.js https://try.abtasty.com https://www.google.com https://analytics.google.com https://www.gstatic.com *.taboola.com https://cloudpresskit.com; style-src 'self' 'unsafe-inline' *.abtasty.com assets.bounceexchange.com; img-src 'self' data: blob: assets.bounceexchange.com events.bouncex.net *.cdnwidget.com pippio.com *.store.sixflags.com *.liadm.com *.clarity.ms *.buy.sixflags.com https://www.google.com https://i.liadm.com https://ad.doubleclick.net https://analytics.google.com https://www.facebook.com *.g.doubleclick.net https://live.rezync.com https://bat.bing.com https://trc.taboola.com *.wistia.com *.youtube.com *.googlesyndication.com *.moengage.com *.googletagmanager.com *.ytimg.com *.abtasty.com authjs.dev https://cloudpresskit.com https://static.cloudpresskit.com https://bat.bing.com/action cdn.sanity.io cdn.sanity.io static.sixflags.com six-flags.s3.amazonaws.com assets.sixflags.com; font-src 'self' data: https://cloudpresskit.com assets.bounceexchange.com; object-src 'none'; base-uri 'self'; form-action 'self' api.bounceexchange.com dev.bounceexchange.com; frame-ancestors 'self'; frame-src * www.google.com recaptcha.google.com assets.bounceexchange.com dash.bounceexchange.com dash-staging.bounceexchange.com *.google.com *.buy.sixflags.com *.store.sixflags.com; worker-src blob:; child-src blob: assets.bounceexchange.com; connect-src 'self' ws: *.kargo.com coupons.bounceexchange.com events.bouncex.net *.cdnwidget.com *.cdnbasket.net *.boomtrain.com *.clarity.ms *.doubleclick.net https://www.facebook.com https://analytics.google.com https://bat.bing.com https://bat.bing.com/p/action https://bat.bing.com/p/action/247012320.js *.wistia.com *.acsbapp.com *.moengage.com *.sixflags2024.dev *.quantummetric.com *.sfdev.co api.sixflags.net *.store.sixflags.com *.buy.sixflags.com *.youtube.com *.api.osano.com *.osano.com *.algolia.net *.algolianet.com *.sixflags.net *.abtasty.com *.pinterest.com *.taboola.com *.ondigitalocean.app *.attractions.io *.googletagmanager.com *.intentia.com fg8vvsvnieiv3ej16jby.litix.io *.googleadservices.com https://production-search-api.sfdev.co/search-api/public https://qaapi.sixflags.net https://salesforce-form-proxy-production-2bqljsoi2a-uc.a.run.app https://d18car1k0ff81h.cloudfront.net https://dev.cf-mobile.com https://live.rezync.com https://www.google.com https://static.cloudpresskit.com https://www.google-analytics.com https://us-central1-missi-six-prod.cloudfunctions.net https://cloudpresskit.com; manifest-src 'self' accounts.google.com *.abtasty.com web-sf-user-pool-domain-uat.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain-dev.auth.us-east-2.amazoncognito.com web-sf-user-pool-domain-qa.auth.us-east-2.amazoncognito.com; media-src 'self' blob: *.youtube.com; upgrade-insecure-requests;

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

sixflags.com www.sixflags.com