SSL Certificate Analysis for www.candkcarrental.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=product.careers

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

December 04, 2025

Valid Until

March 04, 2026 82 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

88:26:BD:8B:AF:F7:AD:CB:B2:1F:95:B4:F6:6D:4E:DE:83:38:C2:1F:C2:B6:E7:5F:64:01:E0:76:11:13:37:92

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

www.candkcarrental.com

Other domains in certificate

accounts.adaptivedev.in

adultcreatorboost.com

akaratravels.com

www.akut.jobs

links.amro.tech

artdigital.app

atalas.net

auriuz.com

kenyaku-shindan.ayumi-s.co.jp

bazarpay360.com

fee.bibis-stories.com

blueprintbargains.com

budsalike.app

www.canamexcursions.com

beta.cashbilly.com

dev.castersociety.com

tsuribiyori-app.clearwaterproject.info

cedartreestudio.multiconnect.com.hk

toolspro.conceptune.com

gestao.conectanovaolinda.com.br

www.confactura.pe

cdmedia-cypmal-staging.contentcard.com

qadashboard.cultup.com

davidnliz.com

deptosgranados.cl

www.djandyjuice.com

instructor.dkprelearn.in

doublecheck.studio

www.droidz.app

www.droptaxirider24x7.com

dsfounis.com

secure.echo-lake.org

edrivenscore.app

api.edwin.cloud

app.effiway.com

tipsy-tower.html5.emallstudio.com

enigmora.com

www.eventsethiopia.com

feedad.com

staging.fishfacts.com

www.gigfuel.app

www.healthy-porn.com

hemlockapp.com

herbolisticarequipa.pe

www.impossibleselfie.com

jannaazabache.com

www.jarrak.com.au

poke.ju.studio

dev.katvinder.nl

ugm-predev.klarway.com

staging.lvmhcomplianceescape.com

www.madraswash.com

www.malam.be

manuelestefanell.com

marenarealestate.com

mashrockgoldcompany.com

residentleonardo.melbookings.com

miloandmei.com

app.ministrary.com

www.minnmini.com

mookee.link

myeng.pl

shop.oyedesi.in

beta.console.parkchamp.ca

product.careers

auth.projectmarketplace.live

auth.rasmus.com

www.redgatecider.co.uk

auth-qa.repeat.gg

mobile.rvezy.com

www.sarakaraga.com

uat.demo.members.sargon.com

www.schoolsuccessproject.com

shealynhindenlang.com

www.shrikezhang.com

app.sigixtract.com

smartappslab.com

softpath.co

app.solarstone.com

startryt.com

eatingin.studiossolution.com

www.surafel.com

tarjemle.com

www.tdtscholarship.org

team-lothe.com

www.tekworthy.com

race.thai.run

themarblefern.com

twinklejoyy.com

download.typefood.jp

www.ubytovani-cernahora.cz

timesheet.valentin.consulting

www.westshorelakeclub.com

whisperkeys.app www.whisperkeys.app

imgtest.youmewho.com

zebraclassroom.com

app-dev.zooc.io