SSL Certificate Analysis for gp.funkybubble.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=funkybubble.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 11, 2026

Valid Until

May 12, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

76:B6:9B:B7:49:AD:D7:B5:C0:56:68:2A:99:30:70:98:49:71:71:8B:85:84:1E:89:BB:3E:FB:2C:6C:74:05:34

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

funkybubble.com *.funkybubble.com *.gp.funkybubble.com *.portal.funkybubble.com *.remote.funkybubble.com *.ssl.funkybubble.com *.vpn.funkybubble.com

Other domains in certificate

*.acceptance.agentsjson.dev agentsjson.dev *.agentsjson.dev *.dev.agentsjson.dev *.mail1.agentsjson.dev *.marketing.agentsjson.dev *.staging.agentsjson.dev *.stg.agentsjson.dev *.werkenbij.agentsjson.dev

beese.net *.beese.net *.ww1.beese.net *.ww41.beese.net

*.adblock.cnaclassescharlotte.org *.app.cnaclassescharlotte.org cnaclassescharlotte.org *.cnaclassescharlotte.org *.dc4c8fa2-8d64-4ff7-8bb8-37f86f966f23.cnaclassescharlotte.org *.doh.cnaclassescharlotte.org *.mail.cnaclassescharlotte.org *.mkkpvzrcvpmembers.cnaclassescharlotte.org *.ns.cnaclassescharlotte.org *.zrcvpmembers.cnaclassescharlotte.org

*.api-stage.crow.finance crow.finance *.crow.finance *.documentation.crow.finance *.forum.crow.finance *.frontend.crow.finance *.graphql-playground.crow.finance *.landing.crow.finance *.m.crow.finance *.monitoring.crow.finance *.mssql.crow.finance *.pg.crow.finance *.sitemap.crow.finance *.themes.crow.finance

*.beta.disi9.cc *.demo.disi9.cc *.development.disi9.cc disi9.cc *.disi9.cc *.m.disi9.cc *.qa.disi9.cc

fek.fr *.fek.fr *.remote.fek.fr

fiz.com.au *.fiz.com.au

*.d9ed7017d5f5.gentletwinks.com gentletwinks.com *.gentletwinks.com *.www.gentletwinks.com

infinitycorp.be *.infinitycorp.be

twodaymba.com *.twodaymba.com *.ww1.twodaymba.com

*.scvlca.ycfxz9.motorcycles ycfxz9.motorcycles *.ycfxz9.motorcycles