SSL Certificate Analysis for fantown.net - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=www.getgoing.co.id

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

December 13, 2025

Valid Until

March 13, 2026 60 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

2D:04:78:20:ED:C6:3E:36:3F:3F:99:F0:01:BB:9A:EC:CC:78:2E:42:39:74:5F:41:EF:00:7C:9A:6A:74:E4:5B

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

fantown.net

Other domains in certificate

7directionsksa.com

honghock.acuizen.com

portal.airpaypos.com

akad-pbg.com

www.alphaandmore.com

altamiraresponde.com

www.amry.dev

gustav.apparat.no

so-active.appointb.ch

www.aradone.me

asmaabahy.dev

astrablue.eu

www.betso88.net

shoebox-dev.beyonary.com

www.bible-essenienne.org

frd.bienparabien.dev

www.bluedotecommerce.com

boxall.in

brock-pro.com

brunne.guru

brusfri.com

dev-barclays.cake-lp.com

carma.green

www.carmentalabs.com

mfe.castingapp.com

choubeyshubham.in

www.getgoing.co.id

ai-world.co.kr

codelegs.com

couragile.com

www.dailymobapps.com

dalgamuni.me

www.deftkey.com

demical.org

account.digitalprescriptionmaker.com

toy.disneymirrorverse.com

dmaenergysolutions.com

www.driveproducteurs.fr

business.easywego.com

egosaautos.co.uk

eng2ukr.com

ethansayers.com

hw.feli.page

moked.gadsluchiot.com

gadzetspro.com

galaxy-tale.net

www.gcodeanalyser.com

business.geminitradesolutions.com

www.gnexsystems.in

unluegitimportali.gulenayva.com

www.helpsl.net

holihire.com

m25limitada.impactwrap.com

innovationsenterprises.com

topvideo.itadaki.monster

jacobcraven.com

jasandy.com

json-format.org

secondlife.ktw.jp

www.loreum.network

lovecos.me

www.mcsquareusa.com

www.memosai.app

michalismichaelid.es

try.misinfogame.com

mistyblue.bar

naxosglass.gr

www.netica.fr

www.pairbytes.com

app.phoebeapp.com

projectomanagers.com

psychotrychologia.com

www.purim.app

poscube.qfix.ai

app.reserve-cake.jp

rewebtools.com

ronimor.rezidnet.com

www.richardleivers.com

rjstudyguides.com

carrier.rxoconnectdev.rxo.com

aarhus.scouthub.app

sethdavis.net

cardinalsfordtailgateadmin.sqwadhq.com

www.studiopigglepsicologia.com

my.tascom.io

thiagocosta.miami

arvores.tomasgoncalves.me

stageapp.trydownstream.com

survey.unicornsurvey.com

universalsikh.com

usercentred.services

ensolpigsweb.venttu.com

vmandcompany.in

nerve.wanke.jetzt

lmslink.webmobtech.biz

vue.weiming.me

www.wplan.si

campamento.wumbox.com