SSL Certificate Analysis for forums.cezali.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=dirtytalk.it

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 04, 2026

Valid Until

May 05, 2026 84 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

32:47:B3:36:02:51:D8:CA:38:C0:61:FE:89:9D:86:56:E0:09:BF:82:38:2F:AD:5A:37:CD:BF:A1:35:B7:F3:FB

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

cezali.com *.cezali.com *.forums.cezali.com *.mail.cezali.com *.ww25.cezali.com

Other domains in certificate

*.acquire.aouvrz.com aouvrz.com *.aouvrz.com *.briefly.aouvrz.com *.bunch.aouvrz.com *.campus.aouvrz.com *.hyx3z.aouvrz.com *.hyxvz.aouvrz.com *.hyxvz2.aouvrz.com *.hyxyz1.aouvrz.com *.hyxyz2.aouvrz.com *.hyxyz3.aouvrz.com *.hyxyz4.aouvrz.com *.hyydz2.aouvrz.com *.hyyez2.aouvrz.com *.hyyez4.aouvrz.com *.hyyfz1.aouvrz.com *.hyyfz2.aouvrz.com *.hyygz1.aouvrz.com *.hyyjz4.aouvrz.com *.hyykz2.aouvrz.com *.hyyrz2.aouvrz.com *.m.aouvrz.com *.users.aouvrz.com *.wildcard.aouvrz.com *.ww25.aouvrz.com

ayomide.com *.ayomide.com *.owoyemi.ayomide.com

*.circle.com.bayern com.bayern *.com.bayern *.fidelityview.com.bayern *.indeed.com.bayern *.moodmedia.com.bayern *.netskope.com.bayern *.pudgypenguins.com.bayern

dirtytalk.it *.dirtytalk.it *.notexistsstaging.dirtytalk.it

fidelitycharitble.org *.fidelitycharitble.org *.wildcard.fidelitycharitble.org *.ww25.fidelitycharitble.org *.ww38.fidelitycharitble.org

*.app.img.us *.https.img.us img.us *.img.us *.mobileapp.img.us *.mx.img.us *.mx10.img.us *.outmail.img.us *.po.img.us *.ssl.img.us *.test.img.us *.v5.img.us

*.app.lagacy.com *.dash.lagacy.com lagacy.com *.lagacy.com *.tes.lagacy.com *.ww38.lagacy.com

movie-hd.us *.movie-hd.us *.tw.movie-hd.us *.ultra.movie-hd.us *.zh.movie-hd.us

*.admin.vvvvvv.online *.hk6.vvvvvv.online *.lntqmo-us1.vvvvvv.online *.m-voghion.vvvvvv.online *.o-us1.vvvvvv.online *.pay.vvvvvv.online *.uwtkbsg3.vvvvvv.online vvvvvv.online *.vvvvvv.online

*.access.we-hentai.com *.dev.we-hentai.com *.files.we-hentai.com *.flowise.we-hentai.com *.ssl.we-hentai.com we-hentai.com *.we-hentai.com *.wfiles.we-hentai.com