SSL Certificate Analysis for hernutrition.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=fonderie.it

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 04, 2026

Valid Until

May 05, 2026 84 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E6:31:0A:54:5E:58:A8:04:7A:D4:8F:C4:49:0B:DA:A9:FC:BD:4F:42:51:16:96:41:AD:F9:B7:7F:0E:B0:AC:D0

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

hernutrition.com *.hernutrition.com *.cdn.hernutrition.com *.ww17.hernutrition.com

Other domains in certificate

2mar.online *.2mar.online *.pay.2mar.online

735ee.com *.735ee.com

apk-silo.com *.apk-silo.com

*.activate.b66club.club *.apply.b66club.club b66club.club *.b66club.club *.mail.b66club.club *.media.b66club.club *.stage.b66club.club *.ups.b66club.club *.usps.b66club.club *.vps.b66club.club

*.access.beliles.com beliles.com *.beliles.com *.ravpn.beliles.com *.remote.beliles.com *.ssl.beliles.com

*.api.demorgans.com demorgans.com *.demorgans.com *.ww25.demorgans.com

*.demo.dermadiva.com dermadiva.com *.dermadiva.com *.m.dermadiva.com *.rds1.dermadiva.com

digibooks76.xyz *.digibooks76.xyz

eoy.au *.eoy.au *.vic.eoy.au *.wildcard.eoy.au *.ww16.eoy.au

*.affiliate.exofunding.io *.app.exofunding.io *.dashboard.exofunding.io *.docs.exofunding.io exofunding.io *.exofunding.io *.support.exofunding.io

fonderie.it *.fonderie.it *.hostmaster.fonderie.it

*.members.mounia.com mounia.com *.mounia.com

newsmedicine.space *.newsmedicine.space *.pay.newsmedicine.space

*.kafka.oplovers.asia oplovers.asia *.oplovers.asia *.preview.oplovers.asia *.report.oplovers.asia *.uat.oplovers.asia

*.mail.sbhradiators.co.uk sbhradiators.co.uk *.sbhradiators.co.uk *.ww25.sbhradiators.co.uk

*.demo.summertshirt.com *.mail.summertshirt.com summertshirt.com *.summertshirt.com *.test.summertshirt.com *.ww25.summertshirt.com

*.redash.tabletmultimediale.com tabletmultimediale.com *.tabletmultimediale.com

*.cisco1-1test.troner.online *.g.troner.online *.hvtyhug3qk.troner.online troner.online *.troner.online *.voo0semvrczi1fnq.troner.online *.watson.troner.online *.wisla.troner.online

*.bbs.weltsicht.com weltsicht.com *.weltsicht.com *.ww25.weltsicht.com