SSL Certificate Analysis for galar.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=therumplum.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

December 24, 2025

Valid Until

March 24, 2026 60 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

37:2F:5F:1B:C7:81:16:9E:DC:D5:CD:E3:82:39:C1:8D:55:6C:63:46:DF:93:BF:A9:9A:FE:63:D3:90:28:7C:D2

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

galar.com

Other domains in certificate

admin-rent-a-car.29easyrent.com

www.angelasette.com

www.appacus.hr

artofchoice.xyz

www.baerway.com

www.baytech.nl

noframe.bridgevds.com

bueccs.in

www.cadatel.com

cal2009.app

calfi.in

www.canalstreet.se

painel.carbee.top

stage.revenue.careglp.com

dev2.cleantie.com

mmk5.businesspackage.co.kr

coindxd.one

colavo.me

support.goautomate.com.my

cryptoadvisor.ai

magic.decodedetroit.com

deeplearnjs.org

www.diagnosity.in

dobrobycie.pl

q2-my.dpd.co.uk

q2-track.dpdlocal.co.uk

ake.egevad.se

www.epgsoft.com

mes-commandes.fayafree.com

felipeloyola.dev

links.dev.foxy.in

www.friendlyreasonablesoftware.com

pikaso.fyne.games

garryexim.in

email.getzaya.app

gocardume.com

e.grandpera.com

www.frame.hallobon.nl

instatiles.co.uk

jette.inwatec.dk

evaluation.trustagent.io.vn

www.isara.dev

www.new-auth.k-9apps.com

www.kienzlerpoolservices.com

www.kmo.hr

koran.center

laundry.kurzer.de

littlelatinos.co.uk

www.lizdresser.com

logandevelopment.io

alarm-im-all.martinloretz.com

pro.mayamd.ai

melissa-soto.com

www.mfuchs.dev

prime.modernatx.com

www.mohan.dev

www.mosharif.xyz

black.muniuday.com

qr.alsagheer.myzeal.app

www.newslang.app

papa-franco.nextorder.com

www.numrig.com

www.oneclock.mx

opertools.com

blog.passiver.ai

playrafiki.com

www.rareintelligence.ai

redeaglestudios.net

www.relions.nl

cast4.rotaractmora.org

rptracker.com

redirect.saamagree.in

www.sbe.re

seller-dash.setscale.com

shamrockeximworld.com

v1.sipl.dev

aquila.sjc.co.za

cvb.snnanalytics.com

vantage-ira.solerabank.com

earlyaccess.sparkdj.com

spezos.com

wallet.steaksoft.net

showcase.studentpride.co.uk

sutrisnoengineering.com

social.taigmaccarthy.com

menu.tastio.com

teknique.xyz

thecleanmate.com

therumplum.com

www.toyzoneqa.com

invest.ubives.com

ucono.me

links-staging.united-heroes.com

vadigimedia.com

buzzer.vitterso.net

sms.voicenext.com

webdevelopland.com

willistontechnical.com