SSL Certificate Analysis for circle.com.bayern - Security Grade & TLS Configuration

Certificate Information

Subject

CN=008777.co

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 02, 2026

Valid Until

May 03, 2026 83 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

12:E9:55:B4:53:90:54:84:3F:01:89:D2:B7:AD:42:86:64:9C:02:86:34:79:9C:D3:AC:7E:36:B7:2B:44:D7:A5

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

com.bayern *.com.bayern

Other domains in certificate

008777.co *.008777.co

04328.co *.04328.co

07770.locker *.07770.locker

07990.net *.07990.net

09515.locker *.09515.locker

100741.xyz *.100741.xyz

49517.mobi *.49517.mobi

4ad824rity.sbs *.4ad824rity.sbs

4lib.org *.4lib.org

55fx59.shop *.55fx59.shop

59667.one *.59667.one

66827.locker *.66827.locker

69556.academy *.69556.academy

696187.club *.696187.club

6tz6ykth.top *.6tz6ykth.top

726286.club *.726286.club

75012.academy *.75012.academy

786931.loan *.786931.loan

83879.net *.83879.net

877308aa3.sbs *.877308aa3.sbs

adsslot728.cfd *.adsslot728.cfd

assentingly.com *.assentingly.com

bumiofinavandu.com *.bumiofinavandu.com

dealhive.college *.dealhive.college

dentalimplant392081.icu *.dentalimplant392081.icu

dentalimplants722025.icu *.dentalimplants722025.icu

djebru.shop *.djebru.shop

dodorr.co *.dodorr.co

e1jlh3.shop *.e1jlh3.shop

embracingmysixties.com *.embracingmysixties.com

ewiroa.com *.ewiroa.com

flavorsomefoodfinder.sbs *.flavorsomefoodfinder.sbs

gajian123j.com *.gajian123j.com

honghuo-36eft.sbs *.honghuo-36eft.sbs

hs69z.xyz *.hs69z.xyz

kitchenchairs.com.au *.kitchenchairs.com.au

mybelmansroofing.com *.mybelmansroofing.com

nftsquad.com *.nftsquad.com

ntqcxizgsnfj.cc *.ntqcxizgsnfj.cc

perennialcircle.com *.perennialcircle.com

raccontidigtop.com *.raccontidigtop.com

roulette77win.com *.roulette77win.com

rozj1vg.cyou *.rozj1vg.cyou

sambhavi.in *.sambhavi.in