SSL Certificate Analysis for api.echonewspaper.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=distinctivenails.salon

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 09, 2026

Valid Until

May 10, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

40:F3:C9:4C:1F:20:E6:1A:D7:A0:55:63:F6:EF:A4:B6:BB:A9:67:F0:02:19:25:C8:BD:4D:42:70:FC:97:05:46

Alternative Names

87 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

87 domains

echonewspaper.com *.echonewspaper.com *.api.echonewspaper.com *.demo.echonewspaper.com *.dev.echonewspaper.com *.mail.echonewspaper.com *.rustore.echonewspaper.com *.sitemap.echonewspaper.com *.test.echonewspaper.com

Other domains in certificate

arboldeproblemasplus.com *.arboldeproblemasplus.com

*.ajuda.betstreet.bet *.app.betstreet.bet *.backoffice.betstreet.bet *.backofficestatic.betstreet.bet betstreet.bet *.betstreet.bet

collver.com *.collver.com *.comune.collver.com *.sitemap.collver.com *.ww25.collver.com

diromsport.com *.diromsport.com

distinctivenails.salon *.distinctivenails.salon

dpunik.com *.dpunik.com

dragonggad2.com *.dragonggad2.com

drama.run *.drama.run

*.api.elbonche.com elbonche.com *.elbonche.com *.hostmaster.elbonche.com *.mail.elbonche.com *.sitemap.elbonche.com *.test.elbonche.com *.ww16.elbonche.com *.ww17.elbonche.com *.ww38.elbonche.com

eljardin.restaurant *.eljardin.restaurant

ella-woods.info *.ella-woods.info

elvallartanc.com *.elvallartanc.com

*.api.engagelocal.com *.dev.engagelocal.com engagelocal.com *.engagelocal.com *.mail.engagelocal.com *.my.engagelocal.com *.sitemap.engagelocal.com *.test.engagelocal.com

equifacts.nl *.equifacts.nl

espn.rocks *.espn.rocks

esposax.com *.esposax.com

estanccatedral.com *.estanccatedral.com

*.dev.jpp1204.com jpp1204.com *.jpp1204.com *.stage.jpp1204.com *.www.jpp1204.com

kcogbuildingfund.com *.kcogbuildingfund.com

kickqinmin.com *.kickqinmin.com

*.dev.lajollabeachhomes.com lajollabeachhomes.com *.lajollabeachhomes.com

*.michelles-40th.partyphotos.com.au *.michelles-th.partyphotos.com.au partyphotos.com.au *.partyphotos.com.au *.ww38.partyphotos.com.au

*.hostmaster.salsha.com salsha.com *.salsha.com

*.backend.tiu.it tiu.it *.tiu.it