SSL Certificate Analysis for aospguru.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=invitation-service-en.staging.tada.dev

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

October 10, 2025

Valid Until

January 08, 2026 37 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

A8:F3:97:84:A7:6E:8D:3B:A0:EB:F3:2A:97:56:47:30:7F:C9:B0:15:36:BF:0C:7E:24:73:67:D6:20:FC:A2:3E

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

aospguru.com

Other domains in certificate

www.3weekwanderlust.com

meets.acami.io

actioavvocati.it

alternance.ad-education.com

www.alkagupta.in

angryjoesbbq.ca

admin.adam.anyware.software

www.appstrm.co.uk

portal.appzi.com

arjitsingh.com

test.atlaensino.com

banglafighter.com

to.beat81.com

www.bio-ernte.de

brainybeads.com

dyl.bubblepod.it

www.bullecoliving.com

staging2.chatmyorder.com

activate.cloudbcp.com

retail.bwinners.co.zw

checkin.compli.nl

contadoreslaplata.com.ar

clms-test.cyberloop.ai

dartsforall-staging-d547a.dartslive.com

deepco.dev

devamsinternational.com

www.dfsign.co

www.dherault.com

digital-anomaly.com

www.digitomy.tech

wdi.for.dinii.jp

app2.drafters.info

www.elsa-app.de

explorekids.in

www.geevo.com.br

gestuet-steilfels.de

en.gliderlogbook.de

pksc-dev.gysite.in

hcws.info

www.helenhe.co

app.jetproposal.com

www.jiten.me

jpractice.com

kardespayi.org

kettlebellgyor.hu

ytcomment.kickedmycat.com

www.laboratorioclinicosibre.com

laika.studio

leyline.im

luizmoura.me

markey.pro

masjidmartigny.ch

www.mcsolcraft.online

store.mebooks.co

p2p-dev.micromal.net

www.mo0.kr

momentalosh.me

msr-krankentransport.de

blog-archives.murakamilab-nit-kagawa.org

agendar.mymoons.mx

dev.app.nahaus.de

www.nauticwavesmarine.com

workbook.nucor.report

www.odpqbo.com

invite.onebuddy.in

studio.oslojazz.no

www.pakketpakket.nl

links.papajohns.ru

www.playtelematics.com

auth.saml.iris.premise.com

www.primosti.com.br

business.quarpay.io

sce2yh-alpha.rayark-pass.net

www.reasonedbuy.com

reminexa.dk

app.reservespots.com

www.rileybrownprojects.com

mise.scottbenton.dev

www.septanteminutes.be

silapok.com

www.spoiledrobots.com

macutriviaseg1.sqwadhq.com

invitation-service-en.staging.tada.dev

www.taxiphuketdriver.com

field.tbm-binni.app

teatrotierra.org

www.tkyko13.net

www.todosenbus.com

transmetricsplus.com

tsk.si

fes.tst0eplus.jp

tylergordon.ca

admin.recargaonline.ubertrans.com.br

www.unseeneternal.com

veryniche.dev

conference3.volunteer-vision.com

www.waterside.tools

whitefalconadvisors.com

yuhanliu.me