SSL Certificate Analysis for stefanprokop.dev - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=www.parkaly.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

October 09, 2025

Valid Until

January 07, 2026 43 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

26:43:FE:89:CF:1A:09:C2:A3:25:7F:B9:E2:EC:08:B3:E4:6E:81:D5:08:CE:2F:89:B0:96:77:03:E4:F8:C0:23

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

stefanprokop.dev

Other domains in certificate

system.acnagri.com

fx.ajocard.com

www.angusnewbie.in

supplier.anylogi.com

apisailor.com

authentication-philippines.com

auth.balansero.com

crypto.bcode.cloud

link.belajarbisnispemula.com

blooom.app

messenger.bridge-comm.net

share.spot.bsstr.com

app.budss.co

camilytics.camiapp.net

sms.ccsnwa.com

menu.cherryfrost.in

www.citypublicschool.in

cltradingcompany.com

108-leonard.teaser-demo.dbox.com

devastro.net

devilfish.site

www.emailhawk.app

public-datacatalog.entur.org

app.ezora.co

whois.gerbenkr.nl

beta.gettwoit.com

glycanage.hr

charge-d.goegonetwork.com

app.gourmakers.com

connect.hastingsdeering.com.au

staging-dev.iam.fm

www.indianmango.de

www.infrapartners.llc

www.instavideo.me

dev.japan-pachinko-navi.com

www.joerg-faulhaber.de

karteiros.com.br

uni.keeponrock.in

keval.io

know-it-all.io

www.ktkathirvel.com

parent.littleskoolhouse.com

http-connector.schema.magement.com

www.momot-consulting.de

mosmai.me

tactotest.mykinderpass.com

miplan.mymoons.co

hub-gourmet.nextorder.com

nobstrainer.cz

app.obk360.com

staging-web.omnicurenow.com

auth.opensentinel.com

auth.orreco.com

paradoxeauvillage.fr

pariopathy.com

www.parkaly.com

www.pdvbrasil.com

pedicurethorn.nl

photoup.app

www.playbangerz.com

premierbalcon.fr

www.productosparamaduraciondiproma.com

test-umsjon.pulsmedia.is

www.restaurantechinooriental.com

www.rewardsfolio.com

link.saveonfoods.com

senyoltw.net

app.servicejan.com

stream.shoplitlive.com

staging.smihb.com

vodafone.sncr.dev

spectaqler.com

mtsuhowmany.sqwadhq.com

auth.statusflare.com

ing.sudahdistaging.in

svvglobal.com

thaddeusmaximusgames.com

abcd.tibles.com

www.tint.cafe

www.tnguyen.dev

link-dev.trueli.me

cloud.uncagedrobotics.com

unisketchdesign.com

cu.upolicy.ca

painel.valefacilcard.com.br

valiaindustrialpark.com

vectorsoft.com

veenusnest.com

fitnessandbodybuilding.vgfit.com

vladretca.dev

www.wasmerize.com

archive.whoosthere.com

www.woodiespizza.com.au

xoogler.de

admin.yourdocket.com

6th.yute.com

zeitguru.de

carniceria.zellship.com