SSL Certificate Analysis for 2795.win - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=24591.blog

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

April 19, 2026

Valid Until

July 18, 2026 58 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

43:6D:B3:95:64:57:7C:76:50:1F:32:17:62:B5:DC:02:A4:3B:C4:0B:27:1B:10:00:9D:54:44:24:F3:42:ED:FA

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

2795.win *.2795.win

Other domains in certificate

24591.blog *.24591.blog

25427.blog *.25427.blog

2688.win *.2688.win

27139.blog *.27139.blog

2926.win *.2926.win

3506.win *.3506.win

36817.blog *.36817.blog

38016.blog *.38016.blog

39329.blog *.39329.blog

39897.blog *.39897.blog

4172.win *.4172.win

6372.win *.6372.win

9125.win *.9125.win

96534.blog *.96534.blog

agen96online.com *.agen96online.com

ahcydkj.cn *.ahcydkj.cn

allbeautywater.com *.allbeautywater.com

appleaire.com *.appleaire.com

aspiruskeweenaw.org *.aspiruskeweenaw.org

befar.com.cn *.befar.com.cn

comfortbythesea.com *.comfortbythesea.com

cornerstonehospicecare.com *.cornerstonehospicecare.com

deamzon.com *.deamzon.com

dtalukstuab.com *.dtalukstuab.com

f228.gg *.f228.gg

fangyuanlehaosi.cn *.fangyuanlehaosi.cn

financingindustry.com *.financingindustry.com

fizzmanindustries.com *.fizzmanindustries.com

foundry.meme *.foundry.meme

gtcscan.com *.gtcscan.com

hyperloopdigital.com *.hyperloopdigital.com

imtechnology.org *.imtechnology.org

ip-office.com.cn *.ip-office.com.cn

istanbulonline.org *.istanbulonline.org

jnhtzy.cn *.jnhtzy.cn

joker123autodownload.com *.joker123autodownload.com

kredit-motorhonda.com *.kredit-motorhonda.com

les3roses.com *.les3roses.com

lwst.org *.lwst.org

managerboss.com *.managerboss.com

micado-kitchen.com *.micado-kitchen.com

milliondollarjanitor.com *.milliondollarjanitor.com

paradisewebnepal.com *.paradisewebnepal.com

profile.live *.profile.live