SSL Certificate Analysis for aff.appledada.com - Security Grade & TLS Configuration

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=gcloud.website

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 29, 2025

Valid Until

March 29, 2026 42 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

77:E8:4B:D4:79:47:52:B4:DC:EB:AD:4D:54:46:38:9A:F6:08:21:95:04:B2:01:63:FA:70:4D:48:21:BB:6B:26

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

appledada.com *.appledada.com *.aff.appledada.com *.bt.appledada.com *.id.appledada.com *.tq.appledada.com

Other domains in certificate

avzfss.com *.avzfss.com *.www1.avzfss.com

cloud9.blog *.cloud9.blog *.data.cloud9.blog *.insight.cloud9.blog *.random.cloud9.blog

cloudaiaas.com *.cloudaiaas.com

*.dc-12d1a5fb11ed.gcloud.website gcloud.website *.gcloud.website *.hostmaster.gcloud.website *.mail.gcloud.website *.ns1.gcloud.website *.ns2.gcloud.website

gurudride.com *.gurudride.com *.random.gurudride.com *.ww25.gurudride.com

*.amang.ischemia.com *.ildcard.ischemia.com ischemia.com *.ischemia.com *.kitan.ischemia.com *.random.ischemia.com *.whewl.ischemia.com

*.bcpos.mysyncrhrony.com mysyncrhrony.com *.mysyncrhrony.com

pausselaluterbaik.store *.pausselaluterbaik.store *.ww25.pausselaluterbaik.store

*.demo.plagiarsmdetector.net *.hostmaster.plagiarsmdetector.net *.old.plagiarsmdetector.net plagiarsmdetector.net *.plagiarsmdetector.net *.staging.plagiarsmdetector.net *.test.plagiarsmdetector.net

princeedwardislandmarathon.com *.princeedwardislandmarathon.com *.ww38.princeedwardislandmarathon.com

rbellconstruction.co.uk *.rbellconstruction.co.uk

reppvibez.store *.reppvibez.store *.ww38.reppvibez.store

*.blog.ricardogarcia7.online *.br.ricardogarcia7.online ricardogarcia7.online *.ricardogarcia7.online *.shzqnblog.ricardogarcia7.online *.ww25.ricardogarcia7.online

table6.com *.table6.com *.ww17.table6.com

*.ccms.theee.com *.random.theee.com *.te.theee.com theee.com *.theee.com

*.m.vegasplus.club vegasplus.club *.vegasplus.club *.ww38.vegasplus.club

*.hostmaster.wwwnationallife.com wwwnationallife.com *.wwwnationallife.com

*.cdn.yemektarifleri-sitesi.com *.deneme.yemektarifleri-sitesi.com *.img.yemektarifleri-sitesi.com *.ns1.yemektarifleri-sitesi.com *.static.yemektarifleri-sitesi.com *.ww25.yemektarifleri-sitesi.com *.ww38.yemektarifleri-sitesi.com yemektarifleri-sitesi.com *.yemektarifleri-sitesi.com *.yxx.yemektarifleri-sitesi.com

*.emv1.ymca-setouchi.org ymca-setouchi.org *.ymca-setouchi.org