SSL Certificate Analysis for ezcatere.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=physics-louisiana.org

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 25, 2026

Valid Until

April 25, 2026 75 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

40:BF:CB:94:5D:11:35:71:00:52:BD:B1:B6:34:07:49:CE:B6:E1:23:92:35:32:3C:96:E0:BD:A0:7D:AB:C1:39

Alternative Names

87 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

87 domains

ezcatere.com *.ezcatere.com

Other domains in certificate

1111mod.com *.1111mod.com *.sava.1111mod.com

1dice.tech *.1dice.tech *.cicd.1dice.tech *.hostmaster.1dice.tech *.hotfix-jenkins.1dice.tech *.test-jenkins.1dice.tech *.www.1dice.tech

7wbkzh8s9.xyz *.7wbkzh8s9.xyz *.ww25.7wbkzh8s9.xyz

airseal.com.au *.airseal.com.au

apara.com.au *.apara.com.au

blogging.cm *.blogging.cm

drylab.com.au *.drylab.com.au

eacater.com *.eacater.com

*.docs.fletchwallet.io fletchwallet.io *.fletchwallet.io *.ww25.fletchwallet.io

forhoims.com *.forhoims.com

genderconference.info *.genderconference.info *.webmail.genderconference.info

glasnostonline.org *.glasnostonline.org

housekits.com.au *.housekits.com.au

hsantelmo.es *.hsantelmo.es

ibbercaja.es *.ibbercaja.es

jaihinddaily.in *.jaihinddaily.in

nashvillepartybar.com *.nashvillepartybar.com

netballnews.com.au *.netballnews.com.au

pashminas.com.au *.pashminas.com.au

physics-louisiana.org *.physics-louisiana.org

picturefram4es.com *.picturefram4es.com

promptethics.com *.promptethics.com

prosperdriversed.net *.prosperdriversed.net

retouched.com.au *.retouched.com.au

sellyourbike.com *.sellyourbike.com

softone.es *.softone.es

solarwall.com.au *.solarwall.com.au

song-lyrics-generator.org *.song-lyrics-generator.org

spotrate.com.au *.spotrate.com.au

thanetnetball.co.uk *.thanetnetball.co.uk

trhinkific.com *.trhinkific.com

vdplc.com *.vdplc.com *.ww25.vdplc.com

vercanales.es *.vercanales.es

wvmiss.com *.wvmiss.com

ythinkific.com *.ythinkific.com

*.random.zombiepumkins.com *.www.zombiepumkins.com zombiepumkins.com *.zombiepumkins.com