SSL Certificate Analysis for www.polyesterdinosaur.com - Security Grade & TLS Configuration

Open Cached · just now

84/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=California, O=Apple Inc., CN=me.com

Issuer

C=US, O=Apple Inc., CN=Apple Public Server RSA CA 1 - G1

Valid From

January 30, 2026

Valid Until

April 30, 2026 27 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

97:02:BC:E5:04:5C:0D:78:36:C0:93:69:AF:7F:9C:1D:C8:F2:06:9D:12:FF:D9:4C:E5:82:D4:BA:BB:98:A7:2F

Alternative Names

57 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

require-trusted-types-for; object-src; script-src; +1 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Present

ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*; +6 more

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Not Authorized (Potential misconfiguration)

Authorized CAs

pki.apple.com

Wildcard CAs

pki.apple.com

Incident Reporting

mailto:[email protected]

CAA Issues

• CRITICAL: Current certificate issuer 'C=US, O=Apple Inc., CN=Apple Public Server RSA CA 1 - G1' is NOT authorized by CAA records. Authorized CAs: pki.apple.com

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement

Subject Alternative Names

57 domains

polyesterdinosaur.com www.polyesterdinosaur.com

Other domains in certificate

me.com www.me.com

metapushpin.com www.metapushpin.com

mobileme.com www.mobileme.com

myappleid.com www.myappleid.com

myicloudid.com www.myicloudid.com

myiphoneid.com www.myiphoneid.com

newton.com www.newton.com

next.com www.next.com

nothingreal.com www.nothingreal.com

omegamap.com www.omegamap.com

oneline-apple-store.com www.oneline-apple-store.com

online-apple-store.com www.online-apple-store.com

onlineapplestore.com www.onlineapplestore.com

orchardatapple.com www.orchardatapple.com

orchardisdope.com www.orchardisdope.com

mandrill.organicfruitapps.com resources.organicfruitapps.com union.organicfruitapps.com

osxlionlaunchpad.com www.osxlionlaunchpad.com

pixelmatorpro.com www.pixelmatorpro.com

pixelmatorteam.com www.pixelmatorteam.com

playquicktime.com www.playquicktime.com

powerbook.com www.powerbook.com

prismo.com www.prismo.com

publishing-research.com

publishing-survey.com

publishingsurvey.com

qapple.com www.qapple.com

quicktime.com www.quicktime.com

quicktimestreaming.com

quicktimetv.com www.quicktimetv.com