SSL Certificate Analysis for com.rokuapp.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=rokuapp.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 29, 2026

Valid Until

April 29, 2026 61 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

76:0A:45:1A:8D:08:D3:97:E3:C6:24:B4:17:0D:B2:FD:B1:3E:3B:A1:94:F9:CF:8C:58:C4:47:D9:EB:83:D6:28

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

rokuapp.com *.rokuapp.com *.115.rokuapp.com *.145.rokuapp.com *.149.rokuapp.com *.audm.rokuapp.com *.bstnma.rokuapp.com *.com.rokuapp.com *.cust.rokuapp.com *.driveandlisten.rokuapp.com *.drivenlisten.rokuapp.com *.he.rokuapp.com *.herouapp.rokuapp.com *.hostmaster.rokuapp.com *.ludicrous.rokuapp.com *.netfront.rokuapp.com *.random.rokuapp.com *.rustore.rokuapp.com *.sitemap.rokuapp.com *.upc-f.rokuapp.com *.us-east-1.rokuapp.com *.ww25.rokuapp.com

Other domains in certificate

*.asongstore.baherbmc.com baherbmc.com *.baherbmc.com *.cpcalendars.baherbmc.com *.dhexnmail.baherbmc.com *.haluumanstore.baherbmc.com *.hjmiatitextile.baherbmc.com *.mail.baherbmc.com *.webdisk.baherbmc.com *.webmail.baherbmc.com

bander.live *.bander.live

borderline.world *.borderline.world

cars-recovery-london.co.uk *.cars-recovery-london.co.uk

cymbals.com.au *.cymbals.com.au

dailyshopp.cyou *.dailyshopp.cyou

h5d3.shop *.h5d3.shop

leaingtime.de *.leaingtime.de

*.ftp.maxiptv.store *.mail.maxiptv.store maxiptv.store *.maxiptv.store

*.bathroomremodelcostmidland.midlandtxconstruction.com midlandtxconstruction.com *.midlandtxconstruction.com *.waterdamagerestorationmidland.midlandtxconstruction.com

drbrcollegemau.org.in *.drbrcollegemau.org.in

*.mail.organstanley.com *.mydesk.organstanley.com organstanley.com *.organstanley.com *.ww38.organstanley.com

*.admin.pellebs.com *.com.pellebs.com *.dl.pellebs.com pellebs.com *.pellebs.com *.srv.pellebs.com

rkbh44158.com *.rkbh44158.com

roughstockstudios.com *.roughstockstudios.com

serenacomunicazione.com *.serenacomunicazione.com *.smtp.serenacomunicazione.com *.ww25.serenacomunicazione.com

strohlehm.de *.strohlehm.de

*.m.turnir999.sbs *.sitemaps.turnir999.sbs turnir999.sbs *.turnir999.sbs

tvchaosuk.me *.tvchaosuk.me

winnie.bio *.winnie.bio

wwwgdata.de *.wwwgdata.de

*.ww25.xpresscentres.co.uk xpresscentres.co.uk *.xpresscentres.co.uk