SSL Certificate Analysis for grenierasel.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=lowered.it

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

May 30, 2026

Valid Until

August 28, 2026 86 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

1F:93:50:8D:CC:53:20:88:3E:B5:67:B0:EF:C2:2A:29:3F:C7:C9:D4:E2:4F:BF:20:29:5B:B4:23:DA:B6:27:34

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

grenierasel.com *.grenierasel.com *.ww38.grenierasel.com

Other domains in certificate

1131jys301.top *.1131jys301.top *.161820e426.1131jys301.top *.5651ed5153.1131jys301.top *.9d3ebed9ff.1131jys301.top *.f65abeedce.1131jys301.top

aiwebsitebuilder.au *.aiwebsitebuilder.au

alynk.co *.alynk.co *.ww38.alynk.co

andronaticos.xyz *.andronaticos.xyz *.random.andronaticos.xyz

ararbulurum.com *.ararbulurum.com

b8zds.info *.b8zds.info

bmdgroup.za.org *.bmdgroup.za.org

dotseattle.us *.dotseattle.us *.hostmaster.dotseattle.us

flow-st.com *.flow-st.com

foreclosurers.com *.foreclosurers.com

fshdgroup.za.org *.fshdgroup.za.org

*.2.gostrameast.link gostrameast.link *.gostrameast.link *.v2.gostrameast.link *.ww16.gostrameast.link *.ww25.gostrameast.link

heikes-cafe.de *.heikes-cafe.de *.hostmaster.heikes-cafe.de *.ww25.heikes-cafe.de *.ww38.heikes-cafe.de

*.app.imi555zv.xyz *.dashboard.imi555zv.xyz *.dn930.imi555zv.xyz imi555zv.xyz *.imi555zv.xyz *.mail.imi555zv.xyz *.mp7tf.imi555zv.xyz *.staging.imi555zv.xyz *.stg.imi555zv.xyz *.x7pal.imi555zv.xyz

iranianstories.org *.iranianstories.org *.upload.iranianstories.org

leombre.com *.leombre.com

liberdigit.org *.liberdigit.org *.mx.liberdigit.org

*.hostmaster.lowered.it lowered.it *.lowered.it *.remote.lowered.it

*.comune.rocketsciencemovie.com rocketsciencemovie.com *.rocketsciencemovie.com

*.dev.siriakari.store *.flowise.siriakari.store siriakari.store *.siriakari.store *.store.siriakari.store *.ww1.siriakari.store *.ww25.siriakari.store *.ww38.siriakari.store

slobodavockovani.sk *.slobodavockovani.sk

*.gp.tapdance.in *.outlook.tapdance.in *.rdp.tapdance.in *.rds.tapdance.in *.ssl.tapdance.in tapdance.in *.tapdance.in

thriftyjet.com *.thriftyjet.com

*.random.xn--vcs815gvlq.com xn--vcs815gvlq.com *.xn--vcs815gvlq.com