SSL Certificate Analysis for dev.valr.world - Security Grade & TLS Configuration

Certificate Information

Subject

CN=valr.world

Issuer

C=US, O=Let's Encrypt, CN=E8

Valid From

January 12, 2026

Valid Until

April 12, 2026 85 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

91:C5:37:B3:3C:75:E5:D0:21:49:A2:8D:9A:B8:8F:FC:C1:34:CD:8B:9E:A0:01:8C:E0:00:79:3D:E3:31:ED:2A

Alternative Names

3 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Weak

max-age=0; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

sameorigin

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

accelerometer=(self "https://magic.veriff.me" "https://veriff.me" "https://veriff.com" "https://alchemy.veriff.com"), autoplay=(self "https://magic.veriff.me" "https://veriff.me" "https://veriff.com" "https://alchemy.veriff.com"), camera=(self "https://magic.veriff.me" "https://veriff.me" "https://veriff.com" "https://alchemy.veriff.com"), clipboard-read=self, clipboard-write=self, fullscreen=(self "https://magic.veriff.me" "https://veriff.me" "https://veriff.com" "https://alchemy.veriff.com"), geolocation=self, gyroscope=(self "https://magic.veriff.me" "https://veriff.me" "https://veriff.com" "https://alchemy.veriff.com"), hid=self, interest-cohort=self, magnetometer=(self "https://magic.veriff.me" "https://veriff.me" "https://veriff.com" "https://alchemy.veriff.com"), microphone=(self "https://magic.veriff.me" "https://veriff.me" "https://veriff.com" "https://alchemy.veriff.com"), payment=self, picture-in-picture=(self "https://magic.veriff.me" "https://veriff.me" "https://veriff.com" "https://alchemy.veriff.com"), screen-wake-lock=self, serial=self, usb=self

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

3 domains

valr.world *.valr.world *.ses.valr.world