SSL Certificate Analysis for flashparking.com - Security Grade & TLS Configuration

Open Cached · just now

93/100 SECURITY SCORE

Certificate Information

Subject

CN=0dad3961.sni.cloudflaressl.com

Issuer

C=US, O=Google Trust Services, CN=WE1

Valid From

January 06, 2026

Valid Until

April 06, 2026 74 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA256

SHA-256 Fingerprint

9F:B0:03:E6:06:3C:CD:6A:DD:AA:7A:FA:36:40:91:67:46:97:A0:F3:89:A1:13:CB:9C:76:3C:1A:C9:D1:FB:1D

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Basic

upgrade-insecure-requests; base-uri; frame-ancestors; +13 more

upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.youtube.com feedback.hubapi.com feedback-eu1.hubapi.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net static.hsappstatic.net *.hubspot.com *.hscta.net *.hubapi.com *.sentry.io *.wistia.net *.wistia.com browser.sentry-cdn.com cdn.jsdelivr.net fast.wistia.com f.vimeocdn.com *.hsforms.com *.googletagmanager.com js.sentry-cdn.com *.hsforms.net *.hscollectedforms.net *.hs-analytics.net *.usemessages.com *.hubspotfeedback.com *.hsadspixel.net *.hs-banner.com *.hsleadflows.net *.hs-scripts.com player.vimeo.com src.litix.io tagmanager.google.com vimeo.com *.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' blob: *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn.jsdelivr.net fast.wistia.com fonts.googleapis.com tagmanager.google.com *.googletagmanager.com; object-src embedwistia-a.akamaihd.net; frame-src 'self' play.hubspotvideo.com play-eu1.hubspotvideo.com *.hubspot.net *.hs-sites.com *.hubspot.com *.vimeo.com *.youtube.com *.wistia.com *.wistia.net *.hsforms.com *.hsforms.net *.usemessages.com *.hscollectedforms.net *.hsadspixel.net *.googletagmanager.com; child-src 'self' blob: *.vimeo.com app.hubspot.com *.hsforms.com *.usemessages.com *.hscollectedforms.net *.hsadspixel.net vimeo.com *.googletagmanager.com; img-src 'self' data: *.hsforms.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net no-cache.hubspot.com *.hscta.net *.hubspot.com *.hsforms.com *.vimeocdn.com *.vimeo.com *.wistia.com *.wistia.net *.hubspot.net cdn.jsdelivr.net embedwistia-a.akamaihd.net fonts.gstatic.com *.googletagmanager.com; font-src 'self' data: *.wistia.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com; connect-src 'self' hubspot-forms-static-embed.s3.amazonaws.com *.google-analytics.com *.hscta.net *.hubspot.com *.hs-banner.com *.wistia.com *.litix.io *.sentry.io *.hubapi.com cdn.jsdelivr.net embedwistia-a.akamaihd.net *.hscollectedforms.net fonts.gstatic.com fonts.googleapis.com *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hubspotfeedback.com *.hsleadflows.net *.usemessages.com sentry.io vimeo.com *.googletagmanager.com; manifest-src 'self'; form-action 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.vimeo.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net vimeo.com; worker-src 'self' blob:;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Present

geolocation=(), sync-xhr=(), accelerometer=(), gyroscope=(), magnetometer=(), camera=(), microphone=(), payment=(), fullscreen=(), display-capture=()

Recommendations

• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

2 domains

flashparking.com

Other domains in certificate

0dad3961.sni.cloudflaressl.com