SSL Certificate Analysis for duoreado.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=www.keeperquotes.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

January 02, 2026

Valid Until

April 02, 2026 78 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

AC:56:E9:24:5B:79:4E:35:5E:EF:D4:F9:A8:B3:0F:5E:A6:36:D9:0B:4F:EE:8D:8B:1B:61:39:05:18:04:DE:DE

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

duoreado.com

Other domains in certificate

www.10roads.dk

lowes-decking-preview-cert.3dcloud.io

3hoa.com

www.activatedcarbongold.com

www.alephantgroup.com

auth.anque.dev

arotech.io

aurasglobal.com

list.bange.app

bildseen.com

blossomvillager.org

bootspruefungen.de

bushin3150.com

casa-estelle.com

www.cbiconsole.org

www.cbrunner.de

chakrasoft.com

app.chesskid.com

cible.app

app.clivi.com

xolary.cloudframework.app

pagamento.clubedebeneficiosbr.com.br

442.co.il

girlsreachout.com.ng

www.conxme.in

crustymenu.com

share.dsfpro.dev

storage.easy-catalog.app

app.fluttertips.dev

ghanaelearn.net

www.golfscore.ie

hub.grubpe.com

gsventuresinc.com

www.hades-swiebodzice.pl

www.hjlanguages.co.uk

usage-admin-portal.ingeniumedu.com

josefinagrooming.com

www.keeperquotes.com

www.kenesty.online

www.knight.vision

www.kolawallet.app

www.lion-elk.com

m.x.loplat.com

manycarbon.com

martinmade.me

memoriam.jp

mrdriver.ca

muhammaddawood.com

mvskiran.dev

nd-filter-expert.com

superstar.neoufitness.com

noclegiczyzew.pl

my.onemoretask.io

chennai.onewaytaxiwala.com madurai.onewaytaxiwala.com

ottawamensconference.ca

www.paulutsch.de

admin.payschoool.com

playlingle.com

powermodeai.com

www.prayersphere.com

home.purpleinkenter.com

factorizer.quant-agile.com

ranlele.com

auth.reactiveforge.com

researchout.com

rihlaai.com

ripusapo.jp

www.roarnft.xyz

royal-lodge.com

home.sanchez.llc

sellbelly.com

layout.simulaton.com

banten-admin.sonice-aioe.com

spheraus.com

partners.sprytelabs.com

msucowbellrace.sqwadhq.com unityhsshuffleadmin.sqwadhq.com

srikrishnaglobal.com

dev.editor.stylers.cloud

www.talvix.co

tcgting.no

rental.tecfy.co

admin.technika.com.br

www.tednz.win

terpity.com

www.thepassionatetrader.com

staging-aprovacao.thumbz.com.br

mealmate.timozuther.de

tuneholics.com

www.unreal-dev.com

upsellproductaddons.com

vabby.dev

rmht.wiselysoftware.com

worthydrinks.com

xhibs.com

xpathchecker.com

fb.balm.xx.kg

yam.contact