SSL Certificate Analysis for www.hbcyber.site - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=app.craftkart.co

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

October 22, 2025

Valid Until

January 21, 2026 59 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

61:0D:60:2C:A8:E6:07:8F:CC:FF:15:7F:E7:17:C5:32:9A:26:37:B6:1A:4E:E4:D4:7F:3F:83:35:C3:D1:B4:A9

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

www.hbcyber.site

Other domains in certificate

gfm-room-visualizer-test.3dcloud.io

a24dbs-management.a24group.com

www.acini.pl

marketing-insights.additive-apps.eu

www.agonoodle.com

www.andrzejewski.dev

research.dat.animoca.space

anurag.ch

apoiotech.com.br

arra-associates.com

autocleanlavanderia.com.br

tagmanager.apps.avada.io

api.avonhealth.com

base64converter.xyz

bazookasrest.com

bingfolio.com

scan.bird.co

bix.place

www.blanchielaundry.com

cdn.blotch.app

publish.bookbites.com

bpat.jp

vazquez.bracelit.es

www.budgetina.net

www.bulletn.co

cairothedino.com

birthday.camden.dev

www.app.canopy.io

caobao.dev

dcardsearcher.cardbox.sc

www.cerrajeria.uy

ki-walls.chrisrichter.dev

app.classy.menu

cliquesolidario.com.br

www.cloudkeeping.info

colinterry.me

dev.conectacontrol.com

www.costprice.app

app.craftkart.co

css-cheatsheet.com

app.enfact.be

enomad.ca

ericaviolin.com

farmersmarketwichita.com

www.fastqueueapp.com

flashcardmanager.com

www.freedom35.org

frogmonster.net

fullylighttravels.com

package.gointerop.com

greenapeyzaj.com

dnd.henrykruell.com

cellar.staging.innovint.us

jumpmasterstall.jingjietan.com

kerp.blog

netwerkapp.kn-app.com

l-el.dev

www.lamafiatech.com

lapostoj.fr

cv.lexuandai20225271.xyz

maskchecken.se

www.michaelthegenius.com

auth.staging.milkywire.com

auth-stg.milocredit.com

www.mqtsuo02.dev

nadeeja.com

nsksrc.com

pb-i1.stage.openkind.me

parkpixie.com

app.peruse.app

poppyplaques.co.uk

v1.preveenraj.com

proctosurgicalhospital.com

ricobeti.ch

rizmal.si

www.rndm-bmx.com

share.rsh.de

rushhour.co.za

www.samilcan.com

stg-app.scandinavianmarkets.com

schmetterlingschule.de

www.scottishsolwaywildfowlersassociation.co.uk

retine-qc.sentrex.com

www.shreyandaanchal.com

admin.shsreport.com

speakingathome.jp

www.sprinzo.com

www.ssajapan.com

www.stapchallenge.nl

disney-coloring-world.storytoys.com

taktikom.net

www.timsigl.de

www.tpera.co.jp

inventory.traxsmart.in

www.uhloop.com

dl.unloc.app

www.vertexmedia.com.br

docs.whatsuy.com