SSL Certificate Analysis for www.thinfinity.com - Security Grade & TLS Configuration

Open Cached · just now

86/100 SECURITY SCORE

Certificate Information

Subject

CN=*.thinfinity.com

Issuer

C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2

Valid From

June 20, 2025

Valid Until

July 22, 2026 239 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

C3:A5:7A:85:FD:B3:9A:FF:69:32:BF:3A:46:A5:BC:E4:D4:BE:CC:87:49:2F:4F:20:27:17:3C:74:70:9C:52:7B

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

default-src; connect-src; font-src; +10 more

default-src 'self'; connect-src 'self' https: wss: ; font-src 'self' data: https://unpkg.com https://fonts.gstatic.com/ https://css.zohocdn.com/ https://*.cybelesoft.com/ https://cdn.jotfor.ms https://mm-static.mustcheck.com; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://ssl.google-analytics.com/ https://unpkg.com https://*.cybelesoft.com/ https://cdn-cookieyes.com https://cdn.jotfor.ms https://connect.facebook.net https://www.googletagmanager.com https://snap.licdn.com https://bat.bing.com https://static.ads-twitter.com https://www.redditstatic.com https://salesiq.zohopublic.com https://assets.apollo.io https://connect.facebook.net https://js.zohocdn.com https://ajax.cloudflare.com/ https://googleads.g.doubleclick.net/ https://static.zohocdn.com/ https://www.youtube.com; script-src-elem 'unsafe-inline' 'self' https://analytics.tiktok.com/ https://www.clarity.ms/ https://scripts.clarity.ms/ https://ssl.google-analytics.com/ https://scripts.clixtell.com/ https://unpkg.com https://*.cybelesoft.com/ https://www.googletagmanager.com/ https://snap.licdn.com https://bat.bing.com https://static.ads-twitter.com/ https://www.redditstatic.com/ https://sc.lfeeder.com/ https://salesiq.zohopublic.com/ https://assets.apollo.io https://mm-uxrv.com https://js.zohocdn.com/ https://d-code.liadm.com https://cdn-cookieyes.com/ https://connect.facebook.net/ https://a.usbrowserspeed.com/ https://a.aisiteanalytics.com https://googleads.g.doubleclick.net/ https://cdn.jotfor.ms/ https://cdn01.jotfor.ms/ https://cdn02.jotfor.ms/ https://cdn03.jotfor.ms/ https://www.gstatic.com/ https://www.youtube.com https://static.zohocdn.com https://www.googleadservices.com/ https://ajax.cloudflare.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google.com/ https://yoast.com/ https://pagead2.googlesyndication.com https://salesiq.zoho.com; style-src 'self' 'unsafe-inline' https://unpkg.com https://css.zohocdn.com/salesiq/ https://css.zohocdn.com/ https://*.cybelesoft.com/ https://fonts.googleapis.com/ https://static.zohocdn.com/ https://www.gstatic.com/; style-src-elem 'unsafe-inline' 'unsafe-eval' 'self' https://unpkg.com https://css.zohocdn.co https://*.cybelesoft.com/ https://fonts.googleapis.com https://css.zohocdn.com https://*.cybelesoft.com/ https://static.zohocdn.com https://cdn01.jotfor.ms https://cdn02.jotfor.ms https://cdn03.jotfor.ms https://cdn.jotfor.ms https://css.zohocdn.com https://ajax.cloudflare.com/ https://www.gstatic.com; style-src-attr 'unsafe-inline' 'self'; img-src https://unpkg.com https: wss: data: 'self'; frame-src 'self' https://ssl.google-analytics.com/ https://*.cybelesoft.com/ https://cybelesoft.com/ https://form.jotform.com/ https://www.googletagmanager.com/ https://i.liadm.com/ https://www.youtube-nocookie.com/ https://forms.zohopublic.com/ https://www.youtube.com/ https://submit.jotform.com https://td.doubleclick.net/; worker-src blob: ; media-src https://unpkg.com https://*.cybelesoft.com/ https://cybelesoft.com/ https://us4-files.zohopublic.com/ https://static.zohocdn.com https://static.zohocdn.com/salesiq/

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

thinfinity.com *.thinfinity.com