SSL Certificate Analysis for dev.civ.uk - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=hdtpday.cc

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 05, 2026

Valid Until

April 05, 2026 55 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

32:90:9C:24:0A:7F:71:F7:9A:64:4F:68:9A:C0:4D:D5:15:1E:E0:49:82:D9:7F:FE:4B:4C:C2:F4:A7:1F:26:B5

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

civ.uk *.civ.uk *.demo.civ.uk *.magento.civ.uk *.old.civ.uk *.staging.civ.uk *.test.civ.uk

Other domains in certificate

3lines.online *.3lines.online *.bbs.3lines.online *.dashboard.3lines.online *.hostmaster.3lines.online *.mta-sts.3lines.online *.office.3lines.online

818win.bet *.818win.bet *.ww25.818win.bet *.ww38.818win.bet

benessere.club *.benessere.club *.mail.benessere.club *.www.benessere.club

cinemalibero.digital *.cinemalibero.digital

*.booking.com-pulse-extranets.com com-pulse-extranets.com *.com-pulse-extranets.com

doods.life *.doods.life

hdtpday.cc *.hdtpday.cc *.wildcard.hdtpday.cc

*.comune.healthylivingadvice.us *.cpcontacts.healthylivingadvice.us healthylivingadvice.us *.healthylivingadvice.us *.ww25.healthylivingadvice.us

investable.org *.investable.org

javvip.pro *.javvip.pro

knocks.company *.knocks.company

kongdogtoys.com *.kongdogtoys.com *.wildcard.kongdogtoys.com

mangguosp.xyz *.mangguosp.xyz *.wildcard.mangguosp.xyz *.ww25.mangguosp.xyz

*.development.movierulz.vip *.flow.movierulz.vip movierulz.vip *.movierulz.vip *.ww1.movierulz.vip *.ww12.movierulz.vip *.ww7.movierulz.vip

peponoschool.org *.peponoschool.org

rothschilds.news *.rothschilds.news *.ww25.rothschilds.news *.ww38.rothschilds.news

*.m1.sfeypxe.com *.m22.sfeypxe.com *.m26.sfeypxe.com *.m28.sfeypxe.com *.m29.sfeypxe.com *.m3.sfeypxe.com *.m30.sfeypxe.com *.m39.sfeypxe.com *.m41.sfeypxe.com *.m42.sfeypxe.com *.m6.sfeypxe.com sfeypxe.com *.sfeypxe.com

vilocau.com *.vilocau.com *.ww25.vilocau.com

*.0vcj7pvapu.wishbestday.com *.28lazf01rr.wishbestday.com wishbestday.com *.wishbestday.com

*.com.xayal.info *.cpcontacts.xayal.info *.mail.xayal.info *.topkurd.xayal.info *.wildcard.xayal.info xayal.info *.xayal.info