SSL Certificate Analysis for app.arkbm.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=dashboard.xrehab.be

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

December 18, 2025

Valid Until

March 18, 2026 83 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

06:9F:DE:27:5B:27:9D:C3:3A:88:3D:08:3E:3F:0D:6F:AA:76:17:DE:94:4F:AF:F3:EA:6A:30:1A:85:F4:0B:A1

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

app.arkbm.com

Other domains in certificate

20pence.com

aashnagk.com

savethedate.adamandjo.com

anabiltek.com

www.appskits.com

www.archipelcontent.com

www.auspiciousai.com

apg.aventi.no

dev.jadmin.balearesgroup.com qa.jadmin.balearesgroup.com

bc-scanner.de

biket.store

bobbysarcade.life

app.bookt.co

www.bouncecon.com

www.caseypei.me

cbdata-uat-kiosk.cbdata.cz

go.cermati.com

checklist.pro

kallakurichi.yazhdroptaxi.co.in

kegc.coahwest.com

www.alpacaapps.com.ua

courtneyhaindds.com

cultuurcafedebarriere.be

auth.itg.cxorder.jp

www.davidturnquist.me

communityconnect-lanarkshire.daysix.dev

www.degeneratebaker.com

diptih.hr

www.dnwxs.com

doisnaoito.com

app.drm.co.nz

www.dynasys.fr

ekabit.ru

coderland-scheduler-project.elicecoding.com

enj-studio.com

www.etusersgroup.org

resources.expansive.com

dashboard.flex-net.ly

instameet-user-dev.flotilla.app

friendsofworldmissions.org

www.heatherheadphotography.com

hospitaltohomehandbook.com

mbhub-admin.hub-ev.com

app.investycoon.com

iophysics.online

irankish.de

itzinstitute.com

kineton.app

kossinski.pl

kougar.io

www.krzys.page

www.labcontrol.co

www.lagassa.com.ar

lbrt.net

sim5.lightfile.net

voyager.manaable.com

www.materialised-art-frame.app

nonsequitor.metamagical.dev

hellofresh-qa.mobilenxt.app nox.mobilenxt.app

evolution.mylock.es

namer.ai

neocreatives.io

mvp.ocerizare.ro

octotech.cloud

www.osekiedensafaris.com

www.oubaida.com

www.pack-party.com

payger.info

www.pinpong.agency

piotrcierpial.info

admin.pitaco.in

stg.propo.fm

pt-admin.pumpup.fitness

redlemon.app

ricksperiments.com

robaldovino.com

connect-ng-user-profile.rxoconnectdev.rxo.com

scannerweb.fr

shankarappa.in

cg1hipmjhkp7pipzozi1.smartimob.io

dev.auth.sozi.co.jp

spamcall.app

spd-sx-editor.com

app.stark.money

sunilmankad.in

www.tarunmahajan.com

tasahulalaser.com

psychometric.tclc.co

link.trainin.run

sherpa.turnosweb.app

unrealcoach.com

www.vicensottoimoveis.com.br

wax911.io

www.weighteknicsolution.in

wildsonic.ai

dashboard.xrehab.be

zuperfuncional.com.br