SSL Certificate Analysis for www.threecolts.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

CN=threecolts.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

December 08, 2025

Valid Until

March 08, 2026 62 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

C1:9C:4A:43:72:71:49:88:67:EE:C1:7C:59:F0:00:F5:C7:E5:41:B7:11:14:34:07:E5:34:B6:A0:FB:23:30:20

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=2592000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; script-src; style-src; +10 more

default-src 'self'; script-src 'self' 'unsafe-inline' cdn-cookieyes.com: https: //www.googletagmanager.com https: //tagmanager.google.com https: //www.google-analytics.com https: //www.googletagservices.com https: //pagead2.googlesyndication.com https: //assets.calendly.com https: //*.intercom.io https: //*.intercomcdn.com https: //cdn.mxpnl.com https: //connect.facebook.net https: //tracking-api.g2.com https: //*.chilipiper.com https: //open.spotify.com https: //embed-cdn.spotifycdn.com https: //embed.spotify.com https: //s3-us-west-2.amazonaws.com https: //static.hotjar.com https: //*.hotjar.com https: //www.youtube.com https: //s.ytimg.com https://s3-us-west-2.amazonaws.com/b2bjsstore/b/ https: //b2bjsstore.s3-us-west-2.amazonaws.com/b/ https: //b-code.liadm.com/lc2.js https: //rp.liadm.com https: //idx.liadm.com; style-src 'self' 'unsafe-inline' https: //tagmanager.google.com https: //fonts.googleapis.com; connect-src 'self' *.cookieyes.com: cdn-cookieyes.com: https: //www.googletagmanager.com https: //analytics.google.com https: //*.analytics.google.com https: //www.google-analytics.com https: //www.googleadservices.com https: //pagead2.googlesyndication.com www.google.co.uk: https: //*.intercom.io wss: //*.intercom.io https: //hub-api.threecolts.com https: //api-js.mixpanel.com https: //api.mixpanel.com https: //www.facebook.com/tr/ https: //graph.facebook.com https: //business.facebook.com https: //api.eu.lever.co https: //*.chilipiper.com https: //threecolts.com https: //www.threecolts.com wss: //*.hotjar.com https: //content.hotjar.io https://pro.ip-api.com https: //alocdn.com/c/vn3d8u2u/a/xtarget/p.json https: //*.execute-api.us-west-2.amazonaws.com/b2bjsstore/b/; img-src 'self' data: blob: cdn-cookieyes.com: https: //www.googletagmanager.com https: //ssl.gstatic.com https: //www.google-analytics.com https: //www.googleadservices.com https: //pagead2.googlesyndication.com https: //www-assets.threecolts.com https: //static.intercomassets.com/ https: //*.intercomcdn.com https: //cdn.mxpnl.com https: //www.facebook.com https: //connect.facebook.net https: //firebasestorage.googleapis.com https: //storage.googleapis.com https: //testimonial.to https: //*.testimonial.to https: //open.spotify.com https: //i.scdn.co https: //embed-cdn.spotifycdn.com https: //embed.spotify.com https: //*.google.com https: //*.google.rs https: //*.google.co.uk https: //i.ytimg.com https: //s.ytimg.com; frame-src https://www.googletagmanager.com https: //tagmanager.google.com https: //googleads.g.doubleclick.net https: //static.doubleclick.net https: //calendly.com https: //td.doubleclick.net https: //player.vimeo.com https: //www.facebook.com https: //connect.facebook.net https: //app.screenloop.com https: //*.chilipiper.com https: //open.spotify.com https: //embed-cdn.spotifycdn.com https: //embed.spotify.com https: //*.hotjar.com https: //www.youtube.com https: //www.youtube-nocookie.com; object-src 'none'; font-src 'self' https: //fonts.gstatic.com data: https: //*.intercomcdn.com; media-src 'self' blob: https: //stage-www.dev3c.com https: //www.threecolts.com https: //www-assets.threecolts.com https: //player.vimeo.com https: //firebasestorage.googleapis.com https: //storage.googleapis.com https: //open.spotify.com https: //embed-cdn.spotifycdn.com https: //embed.spotify.com https: //www.youtube.com; base-uri 'self'; form-action 'self' https://connect.facebook.net; worker-src 'self' blob:; child-src 'self' https: //www.facebook.com https: //staticxx.facebook.com https: //open.spotify.com https: //embed-cdn.spotifycdn.com https: //embed.spotify.com

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

browsing-topics=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

threecolts.com *.threecolts.com