SSL Certificate Analysis for api.carrona.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=stpauls.co

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 04, 2026

Valid Until

May 05, 2026 84 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E0:64:9E:6F:E8:EC:64:5B:E7:07:81:24:3F:26:37:52:F7:DF:34:64:27:71:D2:13:12:AE:CB:91:0B:8E:0F:D7

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

carrona.com *.carrona.com *.api.carrona.com *.ww1.carrona.com *.ww17.carrona.com

Other domains in certificate

christianvieri.com *.christianvieri.com *.ww42.christianvieri.com

*.centrorisorse.cursooficial.com *.corespeitoalpha.cursooficial.com cursooficial.com *.cursooficial.com *.quedadecabelotratamento.cursooficial.com *.respeitoalpha.cursooficial.com *.saveindustrialbrooklyn.cursooficial.com *.thenewinnroughton.cursooficial.com

fitnessfitfocus.run *.fitnessfitfocus.run

fitnessstrengthmindset.run *.fitnessstrengthmindset.run

fitnessthrivemode.club *.fitnessthrivemode.club

franges.com *.franges.com

*.09c1f81.grepao.com *.521e.grepao.com *.528003.grepao.com *.5bf.grepao.com *.6076.grepao.com *.6c8.grepao.com *.732.grepao.com *.84.grepao.com *.a39fb.grepao.com *.a5.grepao.com *.b5395396.grepao.com *.b831.grepao.com *.bc93.grepao.com *.f0.grepao.com grepao.com *.grepao.com *.socep9f.grepao.com

*.db1.hamveggie.com hamveggie.com *.hamveggie.com

*.3454.jewelerynetwork.com jewelerynetwork.com *.jewelerynetwork.com *.jingchuan.jewelerynetwork.com *.staging.jewelerynetwork.com

*.5356-apple-ridge-place.kopislot.club *.essential-travel-tip.kopislot.club *.every-delivery-is-extra.kopislot.club *.jnpsorab.kopislot.club *.kfcuj.kopislot.club kopislot.club *.kopislot.club *.mtrwzt.kopislot.club *.well-his-wife-emend-his-manuscript.kopislot.club

*.dev.metaphown.com metaphown.com *.metaphown.com *.staging.metaphown.com

*.crm.stpauls.co stpauls.co *.stpauls.co

*.dashboard-ci.strmrdrfroob.click *.dashboard.strmrdrfroob.click *.ia.strmrdrfroob.click *.id.strmrdrfroob.click *.ifr.strmrdrfroob.click *.iframe.strmrdrfroob.click *.iframer.strmrdrfroob.click *.insight.strmrdrfroob.click *.preview-insight.strmrdrfroob.click *.sandbox-superset.strmrdrfroob.click *.sandbox.strmrdrfroob.click *.staging-analytic.strmrdrfroob.click strmrdrfroob.click *.strmrdrfroob.click

*.poczta.swiftdiamondriders.com swiftdiamondriders.com *.swiftdiamondriders.com

*.ijpvbww38.taihengshop.com taihengshop.com *.taihengshop.com

*.api.thejuicediet.com *.assets.thejuicediet.com thejuicediet.com *.thejuicediet.com *.ww1.thejuicediet.com