SSL Certificate Analysis for cespa.org - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=0318nuanqipian.com

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

June 02, 2026

Valid Until

August 31, 2026 69 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F8:AB:94:19:6C:4B:0D:F3:D8:AC:CC:7A:DB:9F:F8:8B:5A:75:6E:B7:F1:A6:A1:BC:66:C8:95:AB:6F:7D:24:F9

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

cespa.org *.cespa.org

Other domains in certificate

0318nuanqipian.com *.0318nuanqipian.com

06558.my *.06558.my

185109.my *.185109.my

24win.bet *.24win.bet

26625792.vip *.26625792.vip

297015.my *.297015.my

346825.xyz *.346825.xyz

34786.my *.34786.my

35660.my *.35660.my

3833tj.cc *.3833tj.cc

392456.my *.392456.my

40068.vip *.40068.vip

450634.xyz *.450634.xyz

51158.co *.51158.co

5534666.cc *.5534666.cc

599569.me *.599569.me

63849.club *.63849.club

838605.xyz *.838605.xyz

86577.my *.86577.my

boxtoxsavingsprogram.com *.boxtoxsavingsprogram.com

cajun.lol *.cajun.lol

english-siko-206.today *.english-siko-206.today

g63g7d3dq.world *.g63g7d3dq.world

ganardosveces.com *.ganardosveces.com

gospin123.blog *.gospin123.blog

greylan.cc *.greylan.cc

gutter-guard-lx018.xyz *.gutter-guard-lx018.xyz

hyringone.com *.hyringone.com

i95.my *.i95.my

ifgja.my *.ifgja.my

innovativediypaths.live *.innovativediypaths.live

jmcomic.one *.jmcomic.one

jpn-fxgt.com *.jpn-fxgt.com

jukaikeji.cn *.jukaikeji.cn

k81k.icu *.k81k.icu

linkgampangcuan.net *.linkgampangcuan.net

lvuoh.love *.lvuoh.love

magicrider520.top *.magicrider520.top

ohhll.work *.ohhll.work

ondamais.com *.ondamais.com

rawrkindergarten.com *.rawrkindergarten.com

rochii.info *.rochii.info

star62.com *.star62.com

thornton.org *.thornton.org