SSL Certificate Analysis for access.grandsplace.org - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=fiverent.buzz

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 27, 2025

Valid Until

March 27, 2026 61 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

BB:40:05:B7:3C:0A:14:F8:33:97:2D:C8:30:3C:AA:84:53:79:25:6E:E1:9D:1E:8A:8A:F8:16:96:A5:CD:9F:F2

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

grandsplace.org *.grandsplace.org *.access.grandsplace.org *.api.grandsplace.org *.cisapp.grandsplace.org *.remote.grandsplace.org *.smtp.grandsplace.org *.wap.grandsplace.org

Other domains in certificate

21stcenturyscience.org *.21stcenturyscience.org

bdservice.info *.bdservice.info

betstarexchcasino.com *.betstarexchcasino.com

bitake.biz *.bitake.biz *.temp.bitake.biz *.ww25.bitake.biz *.ww38.bitake.biz *.www.bitake.biz

divineestofados.com *.divineestofados.com

*.app.fiverent.buzz *.cpanel.fiverent.buzz fiverent.buzz *.fiverent.buzz *.ftp.fiverent.buzz *.mail.fiverent.buzz *.pop.fiverent.buzz *.sitemap.fiverent.buzz *.sitemaps.fiverent.buzz *.www.fiverent.buzz

freefac.org *.freefac.org

icom-cc2017.org *.icom-cc2017.org

info-ap.com *.info-ap.com

moena.co.uk *.moena.co.uk *.order.moena.co.uk

*.asmlogisticsservice.mssanjidatransportagency.com *.laravelbrodcasting.mssanjidatransportagency.com mssanjidatransportagency.com *.mssanjidatransportagency.com *.node.mssanjidatransportagency.com *.nodeandphp.mssanjidatransportagency.com

*.api.ponderosapines.biz *.development.ponderosapines.biz *.mail.ponderosapines.biz *.mta-sts.ponderosapines.biz ponderosapines.biz *.ponderosapines.biz *.shop.ponderosapines.biz *.staging.ponderosapines.biz *.store.ponderosapines.biz *.test.ponderosapines.biz *.ww25.ponderosapines.biz *.ww3.ponderosapines.biz *.ww38.ponderosapines.biz *.www.ponderosapines.biz

sasksjobs.ca *.sasksjobs.ca

*.az1.sdf31.com *.az2.sdf31.com *.az3.sdf31.com *.az4.sdf31.com *.az5.sdf31.com *.az6.sdf31.com *.az7.sdf31.com *.az8.sdf31.com *.az9.sdf31.com *.dwj2.sdf31.com sdf31.com *.sdf31.com *.ww38.sdf31.com *.xx1.sdf31.com *.yx.sdf31.com

siyahfilmizle.bio *.siyahfilmizle.bio

twivideo.org *.twivideo.org

untitleddocument.co.uk *.untitleddocument.co.uk *.ww25.untitleddocument.co.uk

webpushing.com *.webpushing.com

wlowz.com *.wlowz.com