SSL Certificate Analysis for app.cloudcraft.co - Security Grade & TLS Configuration

Detected Technologies

See all in URL Inspect 14

AWS CloudFront

AWS Certificate Manager

BootstrapCDN

Cloudflare CDNJS Active incidents

Datadog

Google Analytics

Google API JS Client

Google Fonts

Google Hosted Libraries

Google Sign-In

Google Tag Manager

Pusher

Stripe

Google Cloud Storage

Certificate Information

Subject

CN=cloudcraft.co

Issuer

C=US, O=Amazon, CN=Amazon RSA 2048 M04

Valid From

May 06, 2026

Valid Until

November 19, 2026 192 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

80:99:87:88:1A:51:E8:55:E1:6B:96:CE:44:56:4F:77:AA:33:FD:8F:73:15:0A:AC:7A:7F:65:77:B8:B3:8A:E4

Alternative Names

3 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Good

default-src; script-src; style-src; +8 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Excellent

deny

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

amazonaws.com

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
• Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

3 domains

cloudcraft.co app.cloudcraft.co www.cloudcraft.co