SSL Certificate Analysis for choha.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=choha.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 02, 2026

Valid Until

May 03, 2026 70 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

2C:86:08:6A:D7:7E:4E:02:29:EA:60:EA:56:8C:E2:D0:9B:CA:A3:74:AE:25:61:30:7C:6F:4C:B9:93:00:CF:E3

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

choha.com *.choha.com *.ww16.choha.com

Other domains in certificate

0l2chg.shop *.0l2chg.shop

312339aa4.sbs *.312339aa4.sbs

5378383.cc *.5378383.cc

59633.one *.59633.one

6er0cq.shop *.6er0cq.shop

72561.pizza *.72561.pizza

81181.locker *.81181.locker

92199.mobi *.92199.mobi

99889.boutique *.99889.boutique

agapehospitality.com *.agapehospitality.com

assurent.com *.assurent.com *.desjardin.assurent.com

bbqjam.com *.bbqjam.com

blaclabelpremium.com *.blaclabelpremium.com

blockexplorer.com.au *.blockexplorer.com.au

f728r6.shop *.f728r6.shop

fb449.top *.fb449.top

footsolution.com *.footsolution.com

heavydutyraillinks.shop *.heavydutyraillinks.shop

heing.com *.heing.com *.temporarydomain.heing.com

historisch.com *.historisch.com

jucaiodpi.cc *.jucaiodpi.cc

*.hostmaster.kirners.com kirners.com *.kirners.com *.ny.kirners.com *.ww16.kirners.com

muskit.co *.muskit.co

new-house-051.cfd *.new-house-051.cfd

new999.info *.new999.info

ngm5x3.shop *.ngm5x3.shop

norskordbok.com *.norskordbok.com *.sitemaps.norskordbok.com

oliola.com *.oliola.com *.ww16.oliola.com

*.beta.oneclickstudios.com *.imap.oneclickstudios.com oneclickstudios.com *.oneclickstudios.com

parasitary.com *.parasitary.com

prerelationship.com *.prerelationship.com

spaceships.top *.spaceships.top

uaxyhs.top *.uaxyhs.top

uggwomensboots.com *.uggwomensboots.com

uuu5585.top *.uuu5585.top

wen869217.top *.wen869217.top

zfwqb.pro *.zfwqb.pro

zsleep.com *.zsleep.com