SSL Certificate Analysis for admin.natrilha.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=bihuan.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 07, 2026

Valid Until

May 08, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

0E:B3:25:46:62:FE:41:50:C5:1A:60:35:35:D2:12:2C:5C:A7:7D:58:8F:8B:26:AE:77:48:6A:71:94:38:BE:2E

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

natrilha.com *.natrilha.com *.access.natrilha.com *.admin.natrilha.com *.api.natrilha.com *.connect.natrilha.com *.gateway.natrilha.com *.gp.natrilha.com *.hostmaster.natrilha.com *.m.natrilha.com *.ra.natrilha.com *.rd.natrilha.com *.rds.natrilha.com *.staging.natrilha.com *.vdi.natrilha.com *.vendas.natrilha.com *.vpn.natrilha.com *.vpn1.natrilha.com *.vpn2.natrilha.com *.vpnssl.natrilha.com *.webvpn.natrilha.com *.wildcard.natrilha.com *.ww1.natrilha.com *.ww16.natrilha.com *.ww25.natrilha.com *.ww38.natrilha.com

Other domains in certificate

*.beta.bihuan.com bihuan.com *.bihuan.com *.blog.bihuan.com *.crm.bihuan.com *.ebay.bihuan.com *.shop.bihuan.com *.sitemap.bihuan.com *.test.bihuan.com *.ww16.bihuan.com

*.api.kushforsale.com *.assets.kushforsale.com *.blog.kushforsale.com *.fax.kushforsale.com *.imap.kushforsale.com kushforsale.com *.kushforsale.com *.m.kushforsale.com *.mail.kushforsale.com *.pop.kushforsale.com *.rd.kushforsale.com *.shop.kushforsale.com *.sitemap.kushforsale.com *.sitemaps.kushforsale.com *.test.kushforsale.com *.vpn.kushforsale.com *.ynisxapi.kushforsale.com

*.assets.narrateyourbrand.com *.demo.narrateyourbrand.com *.hostmaster.narrateyourbrand.com *.kb.narrateyourbrand.com narrateyourbrand.com *.narrateyourbrand.com *.voronezh.narrateyourbrand.com

*.5cc7b86a-4d83-466c-8293-7a8fafe8271e.pailsburgundy.com pailsburgundy.com *.pailsburgundy.com

*.agent.rhr1.com *.dev.rhr1.com *.ftp.rhr1.com *.imap.rhr1.com *.m.rhr1.com *.rdp.rhr1.com *.rds.rhr1.com *.rds1.rhr1.com *.remote.rhr1.com rhr1.com *.rhr1.com *.sitemap.rhr1.com *.virtualstudent.rhr1.com *.ww1.rhr1.com *.ww7.rhr1.com *.www.rhr1.com

*.fcvkr.vtgaruda138.cfd vtgaruda138.cfd *.vtgaruda138.cfd

*.ivan.yeban.com *.ww16.yeban.com yeban.com *.yeban.com

*.webmail.yesmovies.press yesmovies.press *.yesmovies.press