SSL Certificate Analysis for backcuntry.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=tuw.es

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 06, 2026

Valid Until

April 06, 2026 57 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

59:59:93:C1:50:6E:C2:14:BB:24:E1:48:A1:D4:7D:47:B9:D0:5B:21:94:C0:D7:7A:BF:30:5F:4F:6E:8B:A0:07

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

backcuntry.com *.backcuntry.com

Other domains in certificate

aborym.com *.aborym.com

abovedomainname.com.au *.abovedomainname.com.au

accmon.com *.accmon.com *.random.accmon.com

alertlikes.com *.alertlikes.com

alertsreader.com *.alertsreader.com

amazonmeltlist.com *.amazonmeltlist.com

astrodeskfx.com *.astrodeskfx.com

avdmii.com *.avdmii.com

babiccinyrecepty.com *.babiccinyrecepty.com

bassprop.com *.bassprop.com *.random.bassprop.com *.ww16.bassprop.com

battlemaps.com *.battlemaps.com

cadostin.com *.cadostin.com

chuyentinhcogiaothao.com *.chuyentinhcogiaothao.com

devonline.live *.devonline.live

ducth.com *.ducth.com

e2corp.world *.e2corp.world

employeemarks.com *.employeemarks.com

free2think.org *.free2think.org

frostywoolridge.com *.frostywoolridge.com

headshopper.com *.headshopper.com

hubadnapinay.com *.hubadnapinay.com

icwo.net *.icwo.net

impulsive.au *.impulsive.au *.random.impulsive.au

ioicitymall.online *.ioicitymall.online

memafutures.com *.memafutures.com

namamo.com *.namamo.com

personalizationengines.com *.personalizationengines.com

phxlodging.com *.phxlodging.com

planetsplace.com *.planetsplace.com

pneus.solutions *.pneus.solutions

rummyluck.com *.rummyluck.com

samoan.life *.samoan.life

securecrypto.com.au *.securecrypto.com.au

skydivingaltimeters.com *.skydivingaltimeters.com

slateroofingmaterials.com *.slateroofingmaterials.com

tranistions.com *.tranistions.com

tuw.es *.tuw.es

umassedu.com *.umassedu.com

vincent-michaels.com *.vincent-michaels.com

visafy.info *.visafy.info

writeproposals.com *.writeproposals.com

zonfase2zm.cf *.zonfase2zm.cf