SSL Certificate Analysis for api.be-a.art - Security Grade & TLS Configuration

Open Cached · 5h ago

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=almasanaproject.org

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 27, 2026

Valid Until

August 25, 2026 79 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

72:17:D2:A5:4B:F3:A1:39:5D:FC:3F:A2:FF:E3:9C:D4:5F:2B:67:64:C0:21:BE:49:66:14:02:AD:C4:55:C5:68

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

be-a.art *.be-a.art *.api.be-a.art *.app.be-a.art

Other domains in certificate

almasanaproject.org *.almasanaproject.org *.owa.almasanaproject.org

anneberg.com *.anneberg.com *.blog.anneberg.com *.fortivpn.anneberg.com *.sip.anneberg.com *.ww1.anneberg.com *.ww16.anneberg.com *.ww25.anneberg.com

ar-designz.com *.ar-designz.com

*.app.dwipbarta.com dwipbarta.com *.dwipbarta.com *.remote.dwipbarta.com *.vpn.dwipbarta.com

jdavsp.info *.jdavsp.info *.m.jdavsp.info *.test.jdavsp.info *.ww1.jdavsp.info *.ww12.jdavsp.info *.ww7.jdavsp.info *.www.jdavsp.info

leverageprime.co *.leverageprime.co *.www.leverageprime.co

pahlwaan.com *.pahlwaan.com *.ww38.pahlwaan.com

pgapps.pro *.pgapps.pro *.rustore.pgapps.pro

*.app.pokerholdem.it *.demo.pokerholdem.it *.hostmaster.pokerholdem.it *.mail-av.pokerholdem.it pokerholdem.it *.pokerholdem.it *.remote.pokerholdem.it *.reports.pokerholdem.it *.smtpmail.pokerholdem.it *.uat.pokerholdem.it

*.coins.punked.us *.couponway.punked.us *.creek.punked.us *.danijel.punked.us *.devs.punked.us *.dilapidateddistro.punked.us *.fun-awesome.punked.us *.fun-awsome.punked.us *.he.punked.us *.news-explorer.punked.us *.org.punked.us punked.us *.punked.us *.rsrchgrp.punked.us *.sbscrip7632154.punked.us *.weevil.punked.us *.wtwr.punked.us *.ygip.punked.us *.zeek.punked.us

*.cpcontacts.speedtest.cam speedtest.cam *.speedtest.cam *.webdisk.speedtest.cam *.webmail.speedtest.cam *.www.speedtest.cam

*.app.val-testing.com *.backup.val-testing.com *.d443ae03-5423-4624-9801-50d2f9e77b57.val-testing.com *.mail.val-testing.com *.members.val-testing.com *.staging.val-testing.com *.uat.val-testing.com val-testing.com *.val-testing.com

*.cdn2.vid1shar.shop vid1shar.shop *.vid1shar.shop *.ww38.vid1shar.shop

*.aemmobile.vmchichester.co.uk vmchichester.co.uk *.vmchichester.co.uk