SSL Certificate Analysis for dev.yoni.quest - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=biblicalseminary.org

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 11, 2026

Valid Until

May 12, 2026 78 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

39:3B:92:11:01:0C:6B:BA:0A:4B:B2:24:66:0F:EA:EF:F7:0E:A8:17:A4:9B:D3:3A:F4:6D:89:B1:5A:25:69:30

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

yoni.quest *.yoni.quest

Other domains in certificate

biblicalseminary.org *.biblicalseminary.org

bonsplans.org *.bonsplans.org

nrn.co.in *.nrn.co.in

durble.co *.durble.co *.ww7.durble.co

lemine2.site *.lemine2.site

likebook.site *.likebook.site

lindastore-eg.com *.lindastore-eg.com

liquidseek.com *.liquidseek.com

look-binding.com *.look-binding.com

lospimentoneros.com *.lospimentoneros.com

lucabetasia.info *.lucabetasia.info

lumpinoumod.com *.lumpinoumod.com

m90clan.com *.m90clan.com

marginaccountcalc.com *.marginaccountcalc.com

milan168.vip *.milan168.vip

mistrategyforum.com *.mistrategyforum.com

mygod1.site *.mygod1.site

mylgmbizpak.com *.mylgmbizpak.com

nanba.cc *.nanba.cc

naturescapejax.com *.naturescapejax.com

nickjefferson.com *.nickjefferson.com

nlnwllc.cn *.nlnwllc.cn

northbranchcabins.com *.northbranchcabins.com

nudehard.com *.nudehard.com

opalscreen.io *.opalscreen.io

oretnom23.com *.oretnom23.com

oroscopo.vip *.oroscopo.vip

otx-2.com *.otx-2.com

ozzogaming.site *.ozzogaming.site

pablorojasvc.com *.pablorojasvc.com

palmarosa.com *.palmarosa.com

partitaascacchi.it *.partitaascacchi.it

paulsorvinofoods.com *.paulsorvinofoods.com

payfor-essay.site *.payfor-essay.site

pentagonbeachhouse.com *.pentagonbeachhouse.com

perfectscents4cars.com *.perfectscents4cars.com

pgspin888.life *.pgspin888.life

piggy888.bet *.piggy888.bet

pretoriafees.co.za *.pretoriafees.co.za

pun123.bet *.pun123.bet

yellowfin.tokyo *.yellowfin.tokyo

yfzhgr.cn *.yfzhgr.cn

z16.bio *.z16.bio