SSL Certificate Analysis for colormebright.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=s4a.bhazze.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

November 20, 2025

Valid Until

February 18, 2026 88 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

80:CF:1E:4D:55:BA:EC:41:13:E7:87:73:1A:07:F0:30:0A:0F:23:C4:9A:DA:71:0D:D9:37:35:48:1C:8F:38:AB

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

colormebright.com

Other domains in certificate

www.academiadeacordeon.com

adventuringminds.com

www.aiaiflix.com

www.aisolutions.business

alhajy.app

www.ambuzone.com

andrewhossam.com

admin.ape-ai.dev

testapp.staging.console.appabrik.jp

www.applogics.co.uk

dashboard.argos-solutions.io

link.arviewer.app

asenko.be

testadmin.auraviv.com

s4a.bhazze.com

bishoptrade.com

www.blueglassesman.com

app.cafyx.com cafyx.com www.cafyx.com

workout.casspham.com

beta.app.cat4school.de

challengetraders.com

www.namamiindia.co.in

coachjulie.tennis

sttquyettam.congso.com

cppcalc.com

currynaanhouse.com

dadjokesare.cool

www.davidben.net

www.degtyarev.biz

dashboard.destivictsolutions.com

manager.digitalview.fr

www.dkfw.me

dlap.pr

www.dvmantenlimpio.com

econometricadvisors.co.uk

www.encitive.com

app.crowds.entelocean.cl

ethquest.io

everydaymuslim.net

www.flowcircuits.com

www.india.flux.chat

digitaledge.framez.sg

freddi.link

api.taskmap.g2solutions.io

embed.gamesnacks.com

www.geomobs.com

gpi-code.com

www.guiaaltabusca.com.br

guiltandworry.com

haibinc.com

api-dev.historik.com

backoffice.test.houseid.services

staging.race.indo.run

ispythonalanguage.co.uk

cliente.israelfrota.com.br

test-gateway.ivoy.mx

nordhemsskolan.jawsapp.online

www.jdaqbank.com

jointoyage.com

www.jose-ep.com

juangreco.com

kelvys.com.br

kumbaa.co.uk

lp.kurp.in

www.dev.lifeschools.ca

loudifymusic.com

duality.marplebot.com

martinez-saul-wedding.com

michaelandkyrstin.com

mihailpanayotov.com

tasktracker.dashboard.mindmesh.app

mwk.io

irwandev.my.id

noter.pro

open-props.style

staging.our.date

triggeredturtle.pense.co.uk

www.pertrain.ai

pillahora.cl

planitech.com.au

test.cms.plannt.app

vendor-dev8.qlub.cloud

rollymonkey.rednblack.games

shared.roosterball.media

segundaartephotostudio.com.br

auth.sharepark.net

dev.silkframe-media.de

simplematter.io

studylog.jp

supplementary.info

task-manager.net

auth.traveltruster.com

www.vanlaer.net

vividana.ca

wannapark.in

app.yuzu.hr