SSL Certificate Analysis for dev.schudy.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=hdonline.pl

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 03, 2026

Valid Until

May 04, 2026 82 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

B3:0A:B0:DC:EB:EE:AE:C5:BA:18:2A:5F:11:F7:FC:CC:4C:95:BF:90:5B:CA:33:CA:30:75:CB:BF:56:91:90:A4

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

schudy.com *.schudy.com

Other domains in certificate

*.aapod.astronomy.fm astronomy.fm *.astronomy.fm *.chat.astronomy.fm *.playground.astronomy.fm

bilget.com *.bilget.com *.bora.bilget.com

*.beta.bilter.com bilter.com *.bilter.com

*.account.clashofclansfree.com clashofclansfree.com *.clashofclansfree.com *.ww25.clashofclansfree.com

daljit.com *.daljit.com *.ww16.daljit.com

*.argo.dayattheraces.com.au dayattheraces.com.au *.dayattheraces.com.au *.ww25.dayattheraces.com.au *.ww38.dayattheraces.com.au

foldingwallet.com *.foldingwallet.com

*.elev.grankulla.com grankulla.com *.grankulla.com

hdonline.pl *.hdonline.pl *.hostmaster.hdonline.pl *.www.hdonline.pl

*.4hvx34qg743obus0.hvjvideon.xyz *.api.hvjvideon.xyz *.app.hvjvideon.xyz *.hostmaster.hvjvideon.xyz hvjvideon.xyz *.hvjvideon.xyz *.m.hvjvideon.xyz *.random.hvjvideon.xyz *.ww25.hvjvideon.xyz *.ww38.hvjvideon.xyz *.www.hvjvideon.xyz

killbrantoytrailers.co.uk *.killbrantoytrailers.co.uk *.ww25.killbrantoytrailers.co.uk

kod.au *.kod.au *.kuhus.kod.au *.random.kod.au

*.hostmaster.mapmywalk.co.uk mapmywalk.co.uk *.mapmywalk.co.uk *.www.mapmywalk.co.uk

mobile-safebrowse.com *.mobile-safebrowse.com *.pop.mobile-safebrowse.com *.whm.mobile-safebrowse.com

*.ms.rennacommunications.com rennacommunications.com *.rennacommunications.com *.ww38.rennacommunications.com *.www.rennacommunications.com *.xl.rennacommunications.com

satmas.com *.satmas.com

sedtonmu.com *.sedtonmu.com

seifu.com *.seifu.com

sentiero.net *.sentiero.net

*.random.td26.com td26.com *.td26.com

*.api.thelegion.com *.app.thelegion.com *.conteudo.thelegion.com *.loja.thelegion.com thelegion.com *.thelegion.com *.vpn.thelegion.com

ttt4.biz *.ttt4.biz *.ww38.ttt4.biz

zvq31.top *.zvq31.top