SSL Certificate Analysis for cbdreader.christianbook.co - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=grondigital.com

Issuer

C=US, O=Let's Encrypt, CN=YR1

Valid From

June 15, 2026

Valid Until

September 13, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F8:52:D8:25:63:2C:05:36:1C:F3:D6:EF:04:08:D6:3C:E3:4A:B5:47:6C:96:F5:FB:9D:2F:0D:C3:58:C9:D5:B6

Alternative Names

86 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

86 domains

christianbook.co *.christianbook.co *.broadstreet.christianbook.co *.cbdreader.christianbook.co *.colsoncenter.christianbook.co *.hostmaster.christianbook.co *.wildcard.christianbook.co *.ww38.christianbook.co *.www.christianbook.co

Other domains in certificate

bluemountainproject.org *.bluemountainproject.org *.db.bluemountainproject.org *.ww25.bluemountainproject.org

*.affiliates.grondigital.com *.fiberartnow.grondigital.com grondigital.com *.grondigital.com *.jibing.grondigital.com *.random.grondigital.com *.tumour.grondigital.com

*.com.huz.au huz.au *.huz.au *.ww25.huz.au

*.comune.kierunki.com kierunki.com *.kierunki.com *.ww25.kierunki.com

*.areomagazine.kintsugi.com.au *.digipolitik.kintsugi.com.au *.dyingbythesword.kintsugi.com.au *.hosting.kintsugi.com.au kintsugi.com.au *.kintsugi.com.au *.portal.kintsugi.com.au *.rapskally.kintsugi.com.au *.teasmith.kintsugi.com.au

*.hostmaster.kladd.com kladd.com *.kladd.com *.mbcfvmail5.kladd.com *.ww11.kladd.com *.ww25.kladd.com

marumaruin.com *.marumaruin.com

pennwellknowledge.com *.pennwellknowledge.com *.random.pennwellknowledge.com

*.blog.ppowerschool.com ppowerschool.com *.ppowerschool.com *.sfe.ppowerschool.com

*.hostmaster.precisionpaddleboards.com *.link.precisionpaddleboards.com precisionpaddleboards.com *.precisionpaddleboards.com *.rentals.precisionpaddleboards.com *.ww17.precisionpaddleboards.com *.www.precisionpaddleboards.com

*.museum.ruralhumanservices.org ruralhumanservices.org *.ruralhumanservices.org

*.chat.securedallow.site *.flowiseai.securedallow.site *.go.securedallow.site *.img.securedallow.site *.integration.securedallow.site *.main.securedallow.site *.next.securedallow.site *.pipeline.securedallow.site *.qa.securedallow.site securedallow.site *.securedallow.site *.send.securedallow.site *.src.securedallow.site *.trx.securedallow.site *.ww25.securedallow.site *.zip.securedallow.site

senaffich.com *.senaffich.com

tacoma.me *.tacoma.me *.ww38.tacoma.me

*.ww25.wwlogmein123.com wwlogmein123.com *.wwlogmein123.com