Open
Cached
·
1h ago
89/100
SECURITY SCORE
Certificate Information
Subject
UNKNOWN={:asn1_OPENTYPE, <<19, 2, 85, 83>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 8, 68, 101, 108, 97, 119, 97, 114, 101>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN=4431830, C=US, ST=California, L=San Jose, O=Zscaler, Inc., CN=www.zscaler.com
Issuer
C=US, O=DigiCert Inc, CN=DigiCert EV RSA CA G2
Valid From
January 25, 2025
Valid Until
February 23, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
AB:D9:17:FA:F1:CA:8D:96:75:2C:B7:52:6C:F4:8A:34:5E:89:82:73:00:4A:35:52:12:A5:C8:44:46:04:31:5C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; img-src; script-src; +8 more
default-src 'none' 'self' strict-dynamic https://*.liadm.com; img-src 'self' fast.wistia.com https: data: blob: https://*.pathfactory.com https://explore.zscaler.com https://*.qualified.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/analytics.js/v1/ https://js.zi-scripts.com/zi-tag.js *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co https://www.clarity.ms/ https://ajax.googleapis.com/ https://cdn.rudderlabs.com/ https://*.pathfactory.com https://tags.srv.stackadapt.com/ https://zscaler.piwik.pro/ https://explore.zscaler.com https://js.storylane.io https://www.redditstatic.com/ https://js.qualified.com blob: https://s3-us-west-2.amazonaws.com/b2bjsstore/b/Z6PVLHPZV26R/Z6PVLHPZV26R.js.gz https://a.usbrowserspeed.com/cs https://ddwl4m2hdecbv.cloudfront.net/b/ https://b-code.liadm.com/lc2.js https://rp.liadm.com idx.liadm.com https://idx.liadm.com https://layer.zscaler.com; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com https://*.pathfactory.com https://explore.zscaler.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com https://*.pathfactory.com https://explore.zscaler.com https://tags.srv.stackadapt.com/ https://zscaler.piwik.pro/ https://*.qualified.com; connect-src 'self' blob: https://api.segment.io https://cdn.segment.com https://pixels.spotify.com/v1/ingest https://privacyportal.onetrust.com/request/v1/consentreceipts 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://1cc736ed757d4e24b91428e20d3e43f8.us-west-1.aws.found.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://www.facebook.com/tr/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co https://t.clarity.ms/collect https://px.ads.linkedin.com/ https://api.rudderstack.com https://analytics.revsure.cloud https://*.pathfactory.com https://explore.zscaler.com https://tags.srv.stackadapt.com/ https://zscaler.piwik.pro/ https://*.qualified.com wss://*.qualified.com https://www.redditstatic.com/ https://pixel-config.reddit.com/ https://conversions-config.reddit.com/ 'strict-dynamic' https://pro.ip-api.com https://alocdn.com/c/vn3d8u2u/a/xtarget/p.json https://*.liadm.com https://9xgnrndqve.execute-api.us-west-2.amazonaws.com https://a.usbrowserspeed.com https://layer.zscaler.com; media-src https://cms.zscaler.com https://app.storylane.io https://app.storylane.io/demo https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://*.qualified.com; worker-src 'self' blob: ; frame-src 'self' blob: https://app.storylane.io https://app.storylane.io/demo e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/ https://app.netlify.com/ https://*.adroll.com/ https://explore.zscaler.com https://zscaler.my.site.com https://www.googletagmanager.com/ https://zscaler784.outgrow.us https://*.qualified.com; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/ https://zscaler.pathfactory.com https://explore.zscaler.com https://zscaler.my.site.com; child-src https://*.qualified.com;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- • Consider adding 'issuewild' records to control wildcard certificate issuance