SSL Certificate Analysis for donate.duality2d.net - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=blizz-art.com

Issuer

C=US, O=Let's Encrypt, CN=YR1

Valid From

May 28, 2026

Valid Until

August 26, 2026 88 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

3F:FB:0E:EB:30:8F:AE:CB:82:A8:D3:38:80:FF:A2:30:F1:84:60:A3:D5:B1:72:76:30:B7:97:36:05:EF:0F:A8

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

duality2d.net *.duality2d.net *.chat.duality2d.net *.docs.duality2d.net *.donate.duality2d.net *.forum.duality2d.net *.get.duality2d.net *.showcase.duality2d.net *.tutorial.duality2d.net

Other domains in certificate

balkanhotel.com *.balkanhotel.com

blizz-art.com *.blizz-art.com

cairohotel.online *.cairohotel.online *.eg.cairohotel.online

cashforcarsoh.com *.cashforcarsoh.com

davatimedical.com *.davatimedical.com *.ww16.davatimedical.com *.ww25.davatimedical.com

*.access.esgni.org *.apps.esgni.org *.connect.esgni.org esgni.org *.esgni.org *.gateway.esgni.org *.gp.esgni.org *.m.esgni.org *.portal.esgni.org *.ra.esgni.org *.rd.esgni.org *.rds.esgni.org *.rdweb.esgni.org *.remote.esgni.org *.remoteapp.esgni.org *.secure.esgni.org *.ssl.esgni.org *.sslvpn.esgni.org *.ts.esgni.org *.webvpn.esgni.org *.yoi7ka.esgni.org

exportx.com.au *.exportx.com.au *.sitemap.exportx.com.au

*.bi.instrctables.com *.ci.instrctables.com *.cicd.instrctables.com *.flowise.instrctables.com instrctables.com *.instrctables.com *.jenkins.instrctables.com *.pipeline.instrctables.com *.preview.instrctables.com *.random.instrctables.com *.ww16.instrctables.com *.ww38.instrctables.com

kby.au *.kby.au

*.callofduty.lilcaesars.com lilcaesars.com *.lilcaesars.com *.ww17.lilcaesars.com *.ww25.lilcaesars.com

mironconst.com *.mironconst.com

nbp.com.au *.nbp.com.au *.yvesrocher.nbp.com.au

*.lancaster.pei.us pei.us *.pei.us *.state.pei.us *.sympatico.pei.us *.wildcard.pei.us *.ww25.pei.us

royalbilliards.com *.royalbilliards.com

shortstories.au *.shortstories.au *.ww25.shortstories.au *.ww38.shortstories.au

*.de.stripchag.com *.es.stripchag.com stripchag.com *.stripchag.com

w3.legal *.w3.legal