SSL Certificate Analysis for search.translate.goog - Security Grade & TLS Configuration | DNS Gurus

Open Cached · just now

78/100 SECURITY SCORE

Certificate Information

Subject

CN=*.googleusercontent.com

Issuer

C=US, O=Google Trust Services, CN=WR2

Valid From

October 13, 2025

Valid Until

January 05, 2026 53 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

39:66:3E:DC:C6:9D:D6:FD:9E:62:46:8B:14:F9:F2:FD:70:E8:B1:C0:2B:C6:45:C3:3A:86:DE:D3:E3:30:1E:DE

Alternative Names

Security Configuration

TLS Protocols

TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

Warnings

• TLS 1.1 is deprecated and should be disabled
• TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

145 domains

translate.goog *.translate.goog *.search.translate.goog

Other domains in certificate

blogspot.com *.blogspot.com bp.blogspot.com *.bp.blogspot.com

doubleclickusercontent.com *.doubleclickusercontent.com

ggpht.com *.ggpht.com

manifest.lh3.photos.google.com

*.appspot.com.storage.googleapis.com commondatastorage.googleapis.com *.commondatastorage.googleapis.com *.content-storage-download.googleapis.com *.content-storage-p2.googleapis.com *.content-storage-upload.googleapis.com *.content-storage.googleapis.com *.storage-download.googleapis.com storage-p2.googleapis.com *.storage-p2.googleapis.com *.storage-upload.googleapis.com storage.googleapis.com *.storage.googleapis.com storage.mtls.googleapis.com

googledrive.com *.googledrive.com

*.googlesyndication.com *.safeframe.googlesyndication.com

*.aiplatform-notebook.googleusercontent.com *.aiplatform-training.byoid.googleusercontent.com *.aiplatform-training.googleusercontent.com *.apps.googleusercontent.com *.audiobook-additional-material-staging.googleusercontent.com *.audiobook-additional-material.googleusercontent.com *.backupdr-autopush.byoid.googleusercontent.com *.backupdr-autopush.googleusercontent.com *.backupdr-dev.byoid.googleusercontent.com *.backupdr-dev.googleusercontent.com *.backupdr-sandbox.byoid.googleusercontent.com *.backupdr-sandbox.googleusercontent.com *.backupdr-staging.byoid.googleusercontent.com *.backupdr-staging.googleusercontent.com *.backupdr.byoid.googleusercontent.com *.backupdr.googleusercontent.com *.byoid.googleusercontent.com *.cloudshell.googleusercontent.com *.cloudworkstations.googleusercontent.com *.composer-dev.byoid.googleusercontent.com *.composer-dev.googleusercontent.com *.composer-qa.byoid.googleusercontent.com *.composer-qa.googleusercontent.com *.composer-staging.byoid.googleusercontent.com *.composer-staging.googleusercontent.com *.composer.byoid.googleusercontent.com *.composer.googleusercontent.com *.datafusion-api-dev.byoid.googleusercontent.com *.datafusion-api-dev.googleusercontent.com *.datafusion-api-staging.byoid.googleusercontent.com *.datafusion-api-staging.googleusercontent.com *.datafusion-api.byoid.googleusercontent.com *.datafusion-api.googleusercontent.com *.datafusion-dev.byoid.googleusercontent.com *.datafusion-dev.googleusercontent.com *.datafusion-staging.byoid.googleusercontent.com *.datafusion-staging.googleusercontent.com *.datafusion.byoid.googleusercontent.com *.datafusion.googleusercontent.com *.dataplex-dev.googleusercontent.com *.dataplex-staging.googleusercontent.com *.dataplex.googleusercontent.com *.dataproc-image-staging.byoid.googleusercontent.com *.dataproc-image-staging.googleusercontent.com *.dataproc-staging.byoid.googleusercontent.com *.dataproc-staging.googleusercontent.com *.dataproc-test.byoid.googleusercontent.com *.dataproc-test.googleusercontent.com *.dataproc.byoid.googleusercontent.com *.dataproc.googleusercontent.com *.dev.amp4mail.googleusercontent.com *.fuchsia-updates-autopush-qual.googleusercontent.com *.fuchsia-updates-autopush.googleusercontent.com *.fuchsia-updates-dev.googleusercontent.com *.fuchsia-updates-staging.googleusercontent.com *.fuchsia-updates.googleusercontent.com *.gcc.googleusercontent.com googleusercontent.com *.googleusercontent.com *.gsc.googleusercontent.com *.kernels-staging.googleusercontent.com *.kernels-test.googleusercontent.com *.kernels.googleusercontent.com *.machinelearningtools-autopush.googleusercontent.com *.machinelearningtools-dev.googleusercontent.com *.machinelearningtools-staging.googleusercontent.com *.machinelearningtools.googleusercontent.com manifest.c.mail.googleusercontent.com manifest.lh3-da.googleusercontent.com manifest.lh3-db.googleusercontent.com manifest.lh3-dc.googleusercontent.com manifest.lh3-dd.googleusercontent.com manifest.lh3-de.googleusercontent.com manifest.lh3-df.googleusercontent.com manifest.lh3-dg.googleusercontent.com manifest.lh3-dz.googleusercontent.com manifest.lh3.googleusercontent.com *.mos-updates-autopush-qual.googleusercontent.com *.mos-updates-autopush.googleusercontent.com *.mos-updates-dev.googleusercontent.com *.mos-updates-staging.googleusercontent.com *.mos-updates.googleusercontent.com *.notebooks.byoid.googleusercontent.com *.notebooks.googleusercontent.com *.pipelines.googleusercontent.com *.playground-internal.amp4mail.googleusercontent.com *.playground.amp4mail.googleusercontent.com *.prod.amp4mail.googleusercontent.com *.safenup.googleusercontent.com *.sandbox.googleusercontent.com *.tensorboard-autopush.googleusercontent.com *.tensorboard-dev.googleusercontent.com *.tensorboard-staging.googleusercontent.com *.tensorboard-test.googleusercontent.com *.tensorboard.googleusercontent.com *.tuf-autopush.googleusercontent.com *.tuf-dev.googleusercontent.com *.tuf-staging.googleusercontent.com *.tuf.googleusercontent.com

googleweblight.com *.googleweblight.com

*.ads-static.usercontent.goog *.aiplayables.usercontent.goog *.allownetworkplayables.usercontent.goog *.executionbox.usercontent.goog *.h5games.usercontent.goog *.isolated.usercontent.goog *.playables.usercontent.goog *.safeframe.usercontent.goog *.sandbox.usercontent.goog *.scf.usercontent.goog *.static.usercontent.goog *.ucp.usercontent.goog usercontent.goog *.usercontent.goog