SSL Certificate Analysis for api.vataha.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=profesmailer.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 10, 2026

Valid Until

May 11, 2026 76 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

29:B5:81:0A:7C:75:B0:CE:9C:A1:10:32:F4:61:3B:6D:31:41:49:1F:2A:0B:88:E2:86:21:0F:BF:2A:D4:DA:7E

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

vataha.com *.vataha.com *.backup.vataha.com *.hostmaster.vataha.com *.m.vataha.com *.mail.vataha.com *.mailer.vataha.com *.marketing.vataha.com *.qa.vataha.com *.secure.vataha.com *.staging.vataha.com *.stg.vataha.com *.tqdakww17.vataha.com *.v1.vataha.com *.v2.vataha.com *.web.vataha.com *.ww1.vataha.com *.ww11.vataha.com *.www.vataha.com

Other domains in certificate

audiblyhazyviper.com *.audiblyhazyviper.com *.www.audiblyhazyviper.com

*.assets.badut338.org badut338.org *.badut338.org *.ec3c27be-89df-493d-ad73-131138d2315d.badut338.org *.www.badut338.org

*.api.chiasenhac.us *.cf.chiasenhac.us chiasenhac.us *.chiasenhac.us *.data.chiasenhac.us *.data02.chiasenhac.us *.data16.chiasenhac.us *.data19.chiasenhac.us *.data20.chiasenhac.us *.data27.chiasenhac.us *.data5.chiasenhac.us *.g.chiasenhac.us *.ildcard.chiasenhac.us *.srv.chiasenhac.us

ecatpowerpack.com *.ecatpowerpack.com *.ww38.ecatpowerpack.com

filmjepang.com *.filmjepang.com *.staging.filmjepang.com *.ww25.filmjepang.com *.xnxx.filmjepang.com *.xxx.filmjepang.com

gut.com.au *.gut.com.au *.ns1.gut.com.au

*.d.hulive.xyz hulive.xyz *.hulive.xyz *.wildcard.hulive.xyz

*.demo.nhatvip.photos *.dev.nhatvip.photos nhatvip.photos *.nhatvip.photos

pasasion.com *.pasasion.com *.wildcard.pasasion.com

*.click.profesmailer.com profesmailer.com *.profesmailer.com

safeay.com *.safeay.com

triathlon.cz *.triathlon.cz *.wildcard.triathlon.cz *.ww1.triathlon.cz *.ww38.triathlon.cz

violetthe13.com *.violetthe13.com *.wildcard.violetthe13.com *.ww25.violetthe13.com *.ww38.violetthe13.com

*.marketing.xenoryx.company *.v1.xenoryx.company xenoryx.company *.xenoryx.company

*.random.xn--fkalienbehlter-5hbj.de xn--fkalienbehlter-5hbj.de *.xn--fkalienbehlter-5hbj.de

*.ww25.zwah.com *.xhykv.zwah.com zwah.com *.zwah.com