SSL Certificate Analysis for blog.woolfork.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=woolfork.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 21, 2026

Valid Until

May 22, 2026 87 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

35:6F:5F:B0:AA:F9:BB:E0:1C:B8:D4:FE:51:74:6F:B3:D4:5E:4A:35:24:8D:19:CA:4F:71:FB:70:FF:0F:08:BA

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

woolfork.com *.woolfork.com *.blog.woolfork.com *.sitemap.woolfork.com *.sitemaps.woolfork.com *.wp.woolfork.com *.ww1.woolfork.com *.ww25.woolfork.com *.ww38.woolfork.com

Other domains in certificate

alfaiha.com *.alfaiha.com *.wiki.alfaiha.com *.ww16.alfaiha.com *.ww25.alfaiha.com *.ww38.alfaiha.com

*.about-us.ecya.org *.careers.ecya.org *.contact.ecya.org *.cpanel.ecya.org ecya.org *.ecya.org *.education.ecya.org *.events.ecya.org *.hch.ecya.org *.hostmaster.ecya.org *.mail.ecya.org *.portekiz-tanitimi.ecya.org *.portekizde-ab-projeleri.ecya.org *.projects.ecya.org *.remote.ecya.org *.sitemaps.ecya.org *.vpn.ecya.org *.www.ecya.org

*.hostmaster.imitar.com imitar.com *.imitar.com *.m.imitar.com *.wiki.imitar.com *.ww25.imitar.com

*.imap2.renewcanada.com *.rdweb.renewcanada.com renewcanada.com *.renewcanada.com *.vpn.renewcanada.com *.vpnssl.renewcanada.com *.ww11.renewcanada.com *.zimbra.renewcanada.com

*.pay.sattadelhiborder16.xyz sattadelhiborder16.xyz *.sattadelhiborder16.xyz

*.0f60e8f3-5571-4df1-9e00-82b21714f36f.slrmorts.com *.admin.slrmorts.com *.api.slrmorts.com *.app.slrmorts.com *.assets.slrmorts.com *.demo.slrmorts.com *.hostmaster.slrmorts.com *.iwubldemo.slrmorts.com slrmorts.com *.slrmorts.com *.staging.slrmorts.com

*.api.spend.love *.app.spend.love *.intranet.spend.love *.remote.spend.love *.shop.spend.love spend.love *.spend.love *.store.spend.love *.we.spend.love *.ww12.spend.love *.ww7.spend.love

*.hostmaster.tradeys.com tradeys.com *.tradeys.com *.ww16.tradeys.com *.ww17.tradeys.com *.ww25.tradeys.com

*.blog.vevoh.com *.hostmaster.vevoh.com *.tbm.vevoh.com vevoh.com *.vevoh.com *.ww16.vevoh.com *.ww25.vevoh.com *.ww41.vevoh.com

vgtidbits.com *.vgtidbits.com *.ww12.vgtidbits.com