SSL Certificate Analysis for aeternus.us - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=640732.cn

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

April 09, 2026

Valid Until

July 08, 2026 58 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

C0:97:62:DF:DF:2D:58:3F:80:3A:7D:2D:3C:F2:8E:27:8A:36:C0:42:17:9A:4B:5C:4E:C3:F6:E7:F3:E2:E5:18

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

aeternus.us *.aeternus.us

Other domains in certificate

628739.blog *.628739.blog

640732.cn *.640732.cn

75242.vip *.75242.vip

97509.my *.97509.my

99y8w.cc *.99y8w.cc

beereventpromotion.com *.beereventpromotion.com

bltfpa.shop *.bltfpa.shop

book.company *.book.company

busve.city *.busve.city

bvvys.reviews *.bvvys.reviews

caringhotels.com *.caringhotels.com

cct489.cc *.cct489.cc

chhiesa.com *.chhiesa.com

choosechanghale.click *.choosechanghale.click

cleanitfast.com *.cleanitfast.com

clearhub.sbs *.clearhub.sbs

cliqstudios-team.com *.cliqstudios-team.com

cliqstudiosemail.com *.cliqstudiosemail.com

coinop.social *.coinop.social

convertingtraffic-hq.co *.convertingtraffic-hq.co

meadrenovations.com *.meadrenovations.com

middayplace.rest *.middayplace.rest

miika.in *.miika.in

mikesmith.co *.mikesmith.co

mlxy88.cfd *.mlxy88.cfd

much-call-126365984.click *.much-call-126365984.click

mysteryrace725.shop *.mysteryrace725.shop

nolkqo.bid *.nolkqo.bid

non-invasive-767426647.click *.non-invasive-767426647.click

nordcapital.co *.nordcapital.co

o3d.us *.o3d.us

private-investigator1.click *.private-investigator1.click

psots.live *.psots.live

renownededucation.com *.renownededucation.com

repter.com *.repter.com

roofleadsco.com *.roofleadsco.com

satrangruppe.com *.satrangruppe.com

scanner.lol *.scanner.lol

schnellkreditonlineohnedokumente.today *.schnellkreditonlineohnedokumente.today

skyxtoken.tech *.skyxtoken.tech

tailsofhartwell.co.uk *.tailsofhartwell.co.uk

tenghui558w.cc *.tenghui558w.cc

testtesttesttet.sbs *.testtesttesttet.sbs

tvl.onl *.tvl.onl