Open
Cached
·
just now
86/100
SECURITY SCORE
Certificate Information
Subject
CN=zs.com
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M04
Valid From
December 23, 2025
Valid Until
January 21, 2027
389 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
28:67:AA:92:B5:EF:98:62:1F:D7:89:7F:80:4F:8E:7E:CA:C6:4D:8E:A3:32:4F:E5:9C:85:12:E4:07:AE:66:EB
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000; includeSubdomains;
Content-Security-Policy
Basic
frame-ancestors; frame-src; img-src; +5 more
frame-ancestors 'self' *.zs.com https://zsprize.zs.com/; frame-src https://app.altrulabs.com/ *.surveymonkey.com https://acdn.adnxs.com/ *.google.com *.ampproject.org *.vimeo.com *.adobe.com *.zs.com *.hotjar.com *.doubleclick.net *.facebook.com *.demdex.net *.youtube.com *.buzzsprout.com *.ceros.com *.company-target.com https://www.google.co.in/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.googletagmanager.com/; img-src https://tag.simpli.fi/ *.adnxs.com https://acdn.adnxs.com/ https://i.vimeocdn.com/ *.zs.com 'self' https://www.google.co.in/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com *.bing.com https://www.googleadservices.com *.clarity.ms *.smassets.net *.twitter.com *.cookielaw.org *.ampproject.org *.scene7.com *.company-target.com https://match.prod.bidr.io *.doubleclick.net *.google.com *.google.co.in *.linkedin.com *.google-analytics.com *.facebook.com https://t.co *.adsymptotic.com *.akamaihd.net https://zs.sc.omtrdc.net *.everesttech.net *.ytimg.com *.googletagmanager.com *.demdex.net *.rlcdn.com; style-src 'self' 'unsafe-inline' https://www.google.co.in/ https://acdn.adnxs.com/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.jsdelivr.net *.ampproject.org *.buzzsprout.com *.zs.com; font-src 'self' https://www.google.co.in/ https://acdn.adnxs.com/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acdn.adnxs.com/ https://player.vimeo.com/ https://code.jquery.com/jquery-3.5.0.min.js https://i.simpli.fi/ https://pixel.byspotify.com/ping.min.js https://tag.simpli.fi/ *.clarity.ms *.bing.com *.googleapis.com https://cdn.jsdelivr.net https://flow.cience.com *.surveymonkey.com *.go-mpulse.net *.gstatic.com *.google.com *.ampproject.org *.zs.com *.adobe.com *.adobedtm.com *.googletagmanager.com *.demandbase.com https://www.googleadservices.com *.youtube.com *.doubleclick.net *.licdn.com *.google-analytics.com *.ads-twitter.com https://s.ytimg.com *.facebook.net *.hotjar.com *.cookielaw.org *.marketo.net https://analytics.twitter.com *.onetrust.com *.akamaihd.net *.buzzsprout.com https://www.google.co.in/ https://www.faceook.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com *.ceros.com *.zs.com; connect-src https://pixels.spotify.com/ *.adnxs.com https://www.google.co.in/ https://www.faceook.com/ https://acdn.adnxs.com/ https://www.googleadservices.com/ https://www.google.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://pagead2.googlesyndication.com https://assets.adobedtm.com *.linkedin.com *.clarity.ms 'self' *.akstat.io/ *.go-mpulse.net *.bing.com https://vimeo.com/ https://flow.cience.com https://flow.cience.com/api/v1/event* https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://www.facebook.com/privacy_sandbox/topics/registration* https://bat.bing.net/actionp/0?ti=343128404&Ver=2&mid=e17b58ce-5a61-4fbe-b4d4-11b0dee2e440&bo=2&evt=consent&src=default&cdb=AQET&asc=D https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt* *.demandbase.com *.linkedin.oribi.io *.google.com *.ampporject.org *.ampproject.org *.company-target.com *.tt.omtrdc.net *.cookielaw.org *.mktoresp.com *.google-analytics.com *.hotjar.com *.doubleclick.net *.demdex.net *.omtrdc.net *.hotjar.io https://google.com/; worker-src blob:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
57 domains
zs.com
myzs.com
revelen-zs.com
revelenzs.com
*.myzs.com
atm.zs.com
www.revelen-zs.com
www.revelenzs.com
www.zs.com
zcrm.zs.com
digital-additive.com
www.digital-additive.com
digitaladditive.co
www.digitaladditive.co
digitaladditive.net
www.digitaladditive.net
intomics.com
www.intomics.com
intomics.dk
www.intomics.dk
intomics.eu
www.intomics.eu
intomics.us
www.intomics.us
personalize.ai
www.personalize.ai
samdfactory.com
stillpreserve.com
www.stillpreserve.com
stilpreserve.com
www.stilpreserve.com
www.zaidyn.com
zaidyn.com
www.zs-intomics.com
zs-intomics.com
www.zs-revelen.com
zs-revelen.com
www.zsassociates.com
zsassociates.com
www.zsatlasintelligence.com
zsatlasintelligence.com
www.zsazure.com
zsazure.com
www.zsintomics.com
zsintomics.com
www.zsmaxai.com
zsmaxai.com
www.zsrevelen.com
zsrevelen.com
akamai.zsservices.com
cloudgate.zsservices.com
pagerduty.zsservices.com
platform-boomi.zsservices.com
prismacloud.zsservices.com
uptrends.zsservices.com
www.zsservices.com
zsservices.com
Other domains in certificate