SSL Certificate Analysis for id.advertisercommunity.com - Security Grade & TLS Configuration

Open Cached · just now

86/100 SECURITY SCORE

Certificate Information

Subject

CN=misc-sni.google.com

Issuer

C=US, O=Google Trust Services, CN=WR2

Valid From

October 13, 2025

Valid Until

January 05, 2026 60 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

2D:92:A5:2D:0F:FF:B0:4F:F3:DB:FB:DB:F0:A2:CE:16:40:2A:92:FA:98:37:F1:FA:3E:00:F9:82:BC:BF:29:96

Alternative Names

331 domains

Security Configuration

TLS Protocols

TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

Warnings

• TLS 1.1 is deprecated and should be disabled
• TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; includeSubdomains

Content-Security-Policy

Basic

object-src; base-uri; script-src; +1 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

331 domains

Other domains in certificate

abc.xyz *.abc.xyz

adsense.com www.adsense.com

adsensecustomsearchads.com *.adsensecustomsearchads.com

adsenseformobileapps.com

alphanucleo.google *.alphanucleo.google

amie.google *.amie.google

ampcache.com *.ampcache.com

ampproject.com *.ampproject.com

ampproject.net *.ampproject.net *.recaptcha.ampproject.net

ampproject.org *.ampproject.org *.cdn.ampproject.org

androidify.com *.androidify.com

app-ads-services.com *.app-ads-services.com

source.bazel.build *.source.bazel.build

brocaproject.com *.brocaproject.com

channel-app.google

*.backstory-staging.chronicle.security *.backstory.chronicle.security chronicle.security *.chronicle.security looker-staging.chronicle.security *.looker-staging.chronicle.security looker.chronicle.security *.looker.chronicle.security

chronicleforgood.com *.chronicleforgood.com

*.backstory.chroniclesec.com chroniclesec.com *.chroniclesec.com

*.au.cloud.google *.autopush-global.accountverification.cloud.google *.backupdr-autopush.cloud.google *.backupdr-dev.cloud.google *.backupdr-sandbox.cloud.google *.backupdr-staging.cloud.google *.backupdr.cloud.google *.ca.cloud.google cloud.google *.cloud.google *.composer-dev.cloud.google *.composer-qa.cloud.google *.composer-staging.cloud.google *.composer.cloud.google console.au.cloud.google console.ca.cloud.google console.eu.cloud.google console.il.cloud.google console.in.cloud.google console.it.cloud.google console.jp.cloud.google console.sa.cloud.google console.uk.cloud.google console.us.cloud.google *.datafusion-api-dev.cloud.google *.datafusion-api-staging.cloud.google *.datafusion-api.cloud.google *.datafusion-dev.cloud.google *.datafusion-staging.cloud.google *.datafusion.cloud.google *.dataproc-image-staging.cloud.google *.dataproc-staging.cloud.google *.dataproc-test.cloud.google *.dataproc.cloud.google *.eu.cloud.google *.global.accountverification.cloud.google *.il.cloud.google *.in.cloud.google *.it.cloud.google *.jp.cloud.google *.notebooks.cloud.google *.sa.cloud.google *.staging-global.accountverification.cloud.google *.uk.cloud.google *.us.cloud.google

cloudyoryx.dev *.cloudyoryx.dev

*.earthengine.google.co.in

codewiki.google

crossmediapanel.com *.crossmediapanel.com

crowdcalling.google

dataliberation.org *.dataliberation.org

digitalassetlinks.org *.digitalassetlinks.org

domains.google *.domains.google

duetai.google *.duetai.google

eageroryx.dev *.eageroryx.dev

earlydays.google *.earlydays.google

engineering.google *.engineering.google

fastlane.ci

floonet.goog *.floonet.goog

g.dev *.g.dev

g.page *.g.page

*.de.gateway.dev *.ew.gateway.dev *.gateway.dev *.uc.gateway.dev

gmbads.gle *.gmbads.gle

go-lang.com *.go-lang.com

go-lang.net *.go-lang.net

go-lang.org *.go-lang.org

golang.com *.golang.com

golang.net *.golang.net

golang.org *.golang.org

app.goo.gl *.app.goo.gl

*.dev.google-syndication.com *.google-syndication.com *.staging.google-syndication.com

golang.google.cn *.golang.google.cn

*.googleacquisitionmigration.com

googleblog.com *.googleblog.com

googlecert.net *.googlecert.net

googlestore.com www.googlestore.com

grow.google *.grow.google

*.gvt5.com

hats.goog *.hats.goog

hey.gle *.hey.gle

iamremarkable.org www.iamremarkable.org

*.autopush-global.identityplatform.google *.autopush-qual-global.identityplatform.google *.global.identityplatform.google identityplatform.google *.identityplatform.google *.staging-global.identityplatform.google *.staging-qual-global.identityplatform.google

lanternal.com *.lanternal.com

lers.google

macservice.goog *.macservice.goog

makersuite.google *.makersuite.google

nel.goog *.nel.goog

nomulus.foo *.nomulus.foo

notebooklm.google

ok.gle *.ok.gle

ordering.page *.ordering.page

payment.goog *.payment.goog

picasaweb.com *.picasaweb.com

picasaweb.net *.picasaweb.net

picasaweb.org *.picasaweb.org

picnik.com *.picnik.com

pixate.com www.pixate.com

pki.goog *.pki.goog

play.space *.play.space

*.podcasts.goog

projectgomie.google *.projectgomie.google

rbm.goog *.rbm.goog

registry-qa.google support.registry-qa.google www.registry-qa.google

registry-sandbox.google support.registry-sandbox.google www.registry-sandbox.google

registry.google support.registry.google www.registry.google

research.youtube *.research.youtube

savethedate.foo *.savethedate.foo

searchingforsyria.org *.searchingforsyria.org

share.google *.share.google

songwriters.youtube *.songwriters.youtube

sprayscape.com www.sprayscape.com

tfhub.dev *.tfhub.dev

thegooglestore.com www.thegooglestore.com

tiltbrush.com *.tiltbrush.com

travel.google *.travel.google

gapi.waze.com

pagespeed.web.dev

issues.webmproject.org *.issues.webmproject.org webmproject.org *.webmproject.org

webpkgcache.com *.webpkgcache.com

bugs.webrtc.org code.webrtc.org issues.webrtc.org *.issues.webrtc.org

workinxr.dev *.workinxr.dev

xn--ngstr-lra8j.com *.xn--ngstr-lra8j.com

xplr.co *.xplr.co

zynamics.com *.zynamics.com