SSL Certificate Analysis for ch.barkeeper.io - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=wpgra.top

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

May 29, 2026

Valid Until

August 27, 2026 66 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

3E:9B:DA:27:57:FA:CE:CA:CB:7A:FC:60:B1:9E:67:A0:94:AF:55:9C:B4:AD:3C:C5:DC:16:ED:D4:9A:DF:8D:0F

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

barkeeper.io *.barkeeper.io

Other domains in certificate

asisareembolso.com *.asisareembolso.com

aspenisave.com *.aspenisave.com

backhoe.io *.backhoe.io

beatsavior.io *.beatsavior.io

betlineexch.com *.betlineexch.com

betlineexch.info *.betlineexch.info

bettertopushoperations.info *.bettertopushoperations.info

bidadollc.com *.bidadollc.com

boilertrailer.com *.boilertrailer.com

capcutapkdownload.download *.capcutapkdownload.download

cgasyr.loan *.cgasyr.loan

cgvxqn.gdn *.cgvxqn.gdn

chaotoulun.com *.chaotoulun.com

chorchacoupon.com *.chorchacoupon.com

dfeaa6726223a3c6.com *.dfeaa6726223a3c6.com

dioriosofpalisade.com *.dioriosofpalisade.com

donyatna.info *.donyatna.info

redwinsshoes.com *.redwinsshoes.com

reliabletripadvisory.live *.reliabletripadvisory.live

ropebark.com *.ropebark.com

rsdgn.my *.rsdgn.my

sharonsunshine.com *.sharonsunshine.com

shyxoxvhrw.top *.shyxoxvhrw.top

*.assets.velv.io velv.io *.velv.io

wpgra.top *.wpgra.top

wwwyw5568.com *.wwwyw5568.com

x88a1735.cc *.x88a1735.cc

*.cg4o5.xiurcao.top xiurcao.top *.xiurcao.top

xn--unup7c55n4z2a.cc *.xn--unup7c55n4z2a.cc

xn--vl1a0c.com *.xn--vl1a0c.com

xn--vuqt16blhx.com *.xn--vuqt16blhx.com

xn--wvwy2q.com *.xn--wvwy2q.com

xn--xhqs53a.cc *.xn--xhqs53a.cc

xn--yieldnst-g1a.finance *.xn--yieldnst-g1a.finance

xn--zbx025d.com *.xn--zbx025d.com

xn--zc3a.com *.xn--zc3a.com

xnnca.my *.xnnca.my

yaa2835.cc *.yaa2835.cc

zigum.design *.zigum.design

zilaq.gdn *.zilaq.gdn

zxbri.my *.zxbri.my

zzz2125.top *.zzz2125.top