SSL Certificate Analysis for apwj.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=choicebrave.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 06, 2026

Valid Until

May 07, 2026 86 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E4:76:01:2A:F9:7B:8D:AF:67:40:E6:11:E9:AD:5E:3D:87:80:FA:C6:41:28:E5:17:21:1C:5B:76:36:C8:37:42

Alternative Names

84 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

84 domains

apwj.com *.apwj.com *.b.apwj.com *.bia.apwj.com *.hard.apwj.com *.push.apwj.com *.wxi.apwj.com

Other domains in certificate

acari.co *.acari.co *.sitemaps.acari.co

almestad.com *.almestad.com *.m.almestad.com

*.app.bagspure.shop bagspure.shop *.bagspure.shop *.sitemaps.bagspure.shop

camisaspersonalizadas.com *.camisaspersonalizadas.com *.sitemaps.camisaspersonalizadas.com

choicebrave.com *.choicebrave.com *.sitemaps.choicebrave.com

clones.in *.clones.in *.m.clones.in

dayofgolf.com *.dayofgolf.com *.sitemaps.dayofgolf.com

*.d.degreement.top degreement.top *.degreement.top *.sitemaps.degreement.top

delphias.com *.delphias.com *.sitemaps.delphias.com

doseido.com *.doseido.com *.sitemaps.doseido.com *.ssl.doseido.com

k8cc.ink *.k8cc.ink *.sitemap.k8cc.ink

*.cloud1.localtastingtours.com *.comune.localtastingtours.com *.galeria.localtastingtours.com localtastingtours.com *.localtastingtours.com *.mx.localtastingtours.com *.rds1.localtastingtours.com *.sitemap.localtastingtours.com *.smtp.localtastingtours.com *.virtualaccess.localtastingtours.com *.wwww.localtastingtours.com

musicalife.com *.musicalife.com *.sitemap.musicalife.com

nbzsmlkn.com *.nbzsmlkn.com *.sitemap.nbzsmlkn.com

pinless.co *.pinless.co *.sitemap.pinless.co

*.cpanel.play2airdrop.xyz play2airdrop.xyz *.play2airdrop.xyz *.random.play2airdrop.xyz *.sitemap.play2airdrop.xyz

*.ebay.riverfloats.com riverfloats.com *.riverfloats.com *.sitemap.riverfloats.com *.ww16.riverfloats.com

*.antispam.saintleger.com saintleger.com *.saintleger.com *.sitemap.saintleger.com *.ww17.saintleger.com *.ww25.saintleger.com

*.mail.thornleys.com *.remote.thornleys.com *.sitemap.thornleys.com thornleys.com *.thornleys.com