DNS Gurus

SSL/TLS Analysis for android.com

Analyzed on November 02, 2025 at 18:30 UTC

Security Score
84 / 100

Certificate Information

Subject
CN=*.google.com
Issuer
C=US, O=Google Trust Services, CN=WR2
Valid From
October 13, 2025
Valid Until
January 05, 2026 63 days
Public Key
ECDSA 256 bit (P-256) Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
AA:D4:E9:5C:D4:70:A7:86:45:DE:62:83:82:60:F9:B9:46:CF:40:73:19:FA:3B:01:A9:7E:9B:32:24:EE:57:EC
Alternative Names
138 domains

Security Configuration

TLS Protocols
TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)
Warnings
  • TLS 1.1 is deprecated and should be disabled
  • TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
script-src; object-src; report-uri; +1 more
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Configured (Restricts certificate issuance)
Current Issuer
Authorized (Matches CAA policy)
Authorized CAs
pki.goog
Recommendations
  • Consider using critical flag (flags=128) for stricter CAA enforcement
  • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
  • Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

138 domains
android.com *.android.com *.flash.android.com

Other domains in certificate

2mdn-cn.net *.2mdn-cn.net
admob-cn.com *.admob-cn.com
ai.android
app-measurement-cn.com *.app-measurement-cn.com
*.bdn.dev *.origin-test.bdn.dev
*.google.co.in
*.google.com.tr
*.google.com.vn
dartsearch-cn.net *.dartsearch-cn.net
doubleclick-cn.net *.doubleclick-cn.net *.fls.doubleclick-cn.net *.g.doubleclick-cn.net
doubleclick.cn *.doubleclick.cn *.fls.doubleclick.cn *.g.doubleclick.cn
g.cn *.g.cn
g.co *.g.co
ggpht.cn *.ggpht.cn
gkecnapps.cn *.gkecnapps.cn
goo.gl www.goo.gl
google-analytics-cn.com *.google-analytics-cn.com
google-analytics.com *.google-analytics.com
*.google.ca
*.google.cl
*.android.google.cn *.chrome.google.cn *.developers.google.cn
*.google.co.jp
*.google.co.uk
*.aistudio.google.com android.clients.google.com *.appengine.google.com *.cloud.google.com *.crowdsource.google.com *.datacompute.google.com *.gemini.cloud.google.com google.com *.google.com *.url.google.com
*.google.com.ar
*.google.com.au
*.google.com.br
*.google.com.co
*.google.com.mx
*.google.de
*.google.es
*.google.fr
*.google.hu
*.google.it
*.google.nl
*.google.pl
*.google.pt
googleadservices-cn.com *.googleadservices-cn.com
googleapis-cn.com *.googleapis-cn.com
*.googleapis.cn
googleapps-cn.com *.googleapps-cn.com
googlecnapps.cn *.googlecnapps.cn
googlecommerce.com *.googlecommerce.com
googledownloads.cn *.googledownloads.cn
googleflights-cn.net *.googleflights-cn.net
googleoptimize-cn.com *.googleoptimize-cn.com
googlesandbox-cn.com *.googlesandbox-cn.com *.safenup.googlesandbox-cn.com
googlesyndication-cn.com *.googlesyndication-cn.com *.safeframe.googlesyndication-cn.com
googletagmanager-cn.com *.googletagmanager-cn.com
googletagservices-cn.com *.googletagservices-cn.com
googletraveladservices-cn.com *.googletraveladservices-cn.com
googlevads-cn.com *.googlevads-cn.com
*.googlevideo.com
*.gstatic-cn.com
*.gstatic.cn
*.gstatic.com *.metric.gstatic.com
gvt1-cn.com *.gvt1-cn.com
*.gcpcdn.gvt1.com *.gvt1.com
gvt2-cn.com *.gvt2-cn.com
*.gcp.gvt2.com *.gvt2.com
ampproject.net.cn *.ampproject.net.cn recaptcha.net.cn *.recaptcha.net.cn
ampproject.org.cn *.ampproject.org.cn
recaptcha-cn.net *.recaptcha-cn.net
urchin.com *.urchin.com
widevine.cn *.widevine.cn
youtu.be
*.youtube-nocookie.com
music.youtube.com *.music.youtube.com youtube.com *.youtube.com
youtubeeducation.com *.youtubeeducation.com
youtubekids.com *.youtubekids.com
yt.be *.yt.be
*.ytimg.com