SSL Certificate Analysis for www.userway.org - Security Grade & TLS Configuration

Open Cached · just now

91/100 SECURITY SCORE

Certificate Information

Subject

CN=userway.org

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M01

Valid From

September 20, 2025

Valid Until

October 19, 2026 320 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

76:94:1F:10:1C:92:2F:65:78:28:92:7A:FD:9D:5C:06:B9:B6:55:D1:F3:30:39:6E:40:15:B2:D3:74:86:10:7E

Alternative Names

8 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Basic

default-src; script-src; style-src; +9 more

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.recaptcha.net https://*.google.com https://sgtm.userway.org https://api.userway.org/api/ https://inspect.userway.org/api https://inspect.userway.org https://userway.org https://manage.userway.org https://scan.userway.org https://cdn.userway.org https://*.hotjar.com https://*.cookiebot.com http://*.outbrain.com http://*.trustpilot.com https://cdn.debugbear.com https://js.stripe.com https://m.stripe.network/out-4.5.42.js https://*.hideousplay.com https://www.redditstatic.com/ads/pixel.js https://a.quora.com/qevents.js https://amplify.outbrain.com/cp/obtp.js https://js.hs-scripts.com https://static.ads-twitter.com/uwt.js https://m.stripe.network https://bat.bing.com http://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://tag.clearbitscripts.com https://x.clearbitjs.com https://reveal.clearbit.com https://cdn.amplitude.com https://js.intercomcdn.com https://www.youtube.com https://*.tiktok.com/ https://snap.licdn.com https://*.6sc.co https://js.hsadspixel.net https://*.taboola.com https://connect.facebook.net https://*.intercom.io https://assets.calendly.com https://w.usabilla.com https://cdn.optimizely.com https://cdn.segment.io https://cdn.heapanalytics.com https://js.appboycdn.com https://data.pendo.io https://static.zdassets.com https://geolocation.onetrust.com https://*.airbrake.io https://api2.amplitude.com https://*.g.doubleclick.net https://cdn.cookielaw.org https://booking-dfp.calendly.com/telemetry.js; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.recaptcha.net https://*.google.com https://sgtm.userway.org https://api.userway.org/api/ https://inspect.userway.org/api https://inspect.userway.org https://userway.org https://manage.userway.org https://scan.userway.org https://cdn.userway.org https://*.cookiebot.com https://tagmanager.google.com; img-src 'self' data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.recaptcha.net https://*.google.com https://sgtm.userway.org https://api.userway.org/api/ https://inspect.userway.org/api https://inspect.userway.org https://userway.org https://manage.userway.org https://scan.userway.org https://cdn.userway.org https://track.hubspot.com https://px.ads.linkedin.com https://bat.bing.com https://static.intercomassets.com https://downloads.intercomcdn.com https://js.intercomcdn.com https://*.trustpilot.com https://*.cookiebot.com https://*.g2crowd.com https://*.taboola.com https://q.quora.com https://levelaccess.com https://stape.io https://www.linkedin.com https://*.g.doubleclick.net https://t.co/1/i/ https://analytics.twitter.com https://alb.reddit.com http://b.6sc.co/v1/beacon/ https://un.hideousplay.com/tracker/ https://ct.capterra.com/ https://i.liadm.com/ https://images.g2crowd.com https://lh3.googleusercontent.com https://www.facebook.com https://b.6sc.co https://effortless-cuddle-8148be6fe0.media.strapiapp.com https://i.ytimg.com; font-src 'self' data: https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.recaptcha.net https://*.google.com https://sgtm.userway.org https://api.userway.org/api/ https://inspect.userway.org/api https://inspect.userway.org https://userway.org https://manage.userway.org https://scan.userway.org https://cdn.userway.org https://fonts.intercomcdn.com/messenger-m4/; connect-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.recaptcha.net https://*.google.com https://sgtm.userway.org https://api.userway.org/api/ https://inspect.userway.org/api https://inspect.userway.org https://userway.org https://manage.userway.org https://scan.userway.org https://cdn.userway.org https://*.trustpilot.com https://static.hsappstatic.net https://api.hubapi.com https://www.facebook.com https://bat.bing.net wss://ws.hotjar.com https://metrics.hotjar.io https://content.hotjar.io https://vc.hotjar.io https://bat.bing.com https://*.outbrain.com https://*.taboola.com https://tag.clearbitscripts.com https://app.clearbit.com https://data.debugbear.com https://analytics.tiktok.com https://analytics-ipv6.tiktokw.us https://px.ads.linkedin.com https://pixel-config.reddit.com https://*.6sc.co https://epsilon.6sense.com https://www.redditstatic.com https://*.hideousplay.com https://conversions-config.reddit.com wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://*.airbrake.io https://api2.amplitude.com https://cdn.amplitude.com https://*.cookiebot.com https://*.cookiebot.eu https://effortless-cuddle-8148be6fe0.media.strapiapp.com; media-src https://sgtm.userway.org https://api.userway.org/api/ https://inspect.userway.org/api https://inspect.userway.org https://userway.org https://manage.userway.org https://scan.userway.org https://cdn.userway.org; frame-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.recaptcha.net https://*.google.com https://sgtm.userway.org https://api.userway.org/api/ https://inspect.userway.org/api https://inspect.userway.org https://userway.org https://manage.userway.org https://scan.userway.org https://cdn.userway.org https://js.stripe.com https://intercom-sheets.com https://www.facebook.com https://www.youtube.com http://www.youtube.com https://calendly.com https://*.cookiebot.com; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com https://scan.userway.org https://manage.userway.org https://api.userway.org/api/ https://inspect.userway.org/api/; frame-ancestors https://userway.org https://userway.org/blog/ https://userway.org/es/blog/ https://userway.org/de/blog/ https://userway.org/fr/blog/ https://userway.org/pt/blog/ https://manage.userway.org;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

8 domains

userway.org *.userway.org cdn.userway.org staging.userway.org www.userway.org *.staging.userway.org staging.blog.userway.org *.staging.blog.userway.org