SSL Certificate Analysis for fi.fanchavip.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=wah.de

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 06, 2026

Valid Until

May 07, 2026 88 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

B1:88:27:E7:97:23:0B:0A:3F:A3:CA:81:0D:EE:A7:AA:B4:D5:F6:4A:49:93:8E:41:A5:CA:11:0B:69:63:69:EA

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

fanchavip.com *.fanchavip.com *.1.fanchavip.com *.a.fanchavip.com *.ai.fanchavip.com *.b.fanchavip.com *.bi.fanchavip.com *.by.fanchavip.com *.ci.fanchavip.com *.di.fanchavip.com *.e.fanchavip.com *.ei.fanchavip.com *.f.fanchavip.com *.fi.fanchavip.com *.g.fanchavip.com *.h.fanchavip.com *.i.fanchavip.com *.j.fanchavip.com *.n.fanchavip.com *.nfc.fanchavip.com *.ww38.fanchavip.com

Other domains in certificate

7starhd.life *.7starhd.life *.app.7starhd.life *.aws.7starhd.life *.blog.7starhd.life *.dev.7starhd.life *.ftp.7starhd.life *.www.7starhd.life

88882266xx6.shop *.88882266xx6.shop *.com.88882266xx6.shop

aieapoke.com *.aieapoke.com

allungamentopene.it *.allungamentopene.it *.il.allungamentopene.it

bebeaunaturel.com *.bebeaunaturel.com

boabr4.com *.boabr4.com

happyfortunebet.com *.happyfortunebet.com

*.ffywwdzl.hnyfjx.com hnyfjx.com *.hnyfjx.com *.qyirfdwy.hnyfjx.com *.t.hnyfjx.com

*.dash.kazu.it kazu.it *.kazu.it

lesetudiants.com *.lesetudiants.com

manaktala.com *.manaktala.com

nggs.org *.nggs.org *.remote.nggs.org

*.3g.onlinemusicstreams-d.site *.api-dev.onlinemusicstreams-d.site *.api.onlinemusicstreams-d.site *.home.onlinemusicstreams-d.site *.mail.onlinemusicstreams-d.site onlinemusicstreams-d.site *.onlinemusicstreams-d.site *.pay.onlinemusicstreams-d.site *.webmail.onlinemusicstreams-d.site *.wss.onlinemusicstreams-d.site *.www.onlinemusicstreams-d.site *.zoom.onlinemusicstreams-d.site

pavilioncuisine.co.uk *.pavilioncuisine.co.uk *.wildcard.pavilioncuisine.co.uk

*.ad.ritzgardenhotel.com *.book.ritzgardenhotel.com *.ipoh.ritzgardenhotel.com *.m1.ritzgardenhotel.com *.mail.ritzgardenhotel.com ritzgardenhotel.com *.ritzgardenhotel.com *.www.ritzgardenhotel.com *.www1.ritzgardenhotel.com *.www4.ritzgardenhotel.com *.www6.ritzgardenhotel.com *.www7.ritzgardenhotel.com *.www8.ritzgardenhotel.com

*.figjwfsg.wah.de *.online.wah.de wah.de *.wah.de