76/100 SECURITY SCORE

Certificate Information

Subject
CN=coinpal.me
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
January 12, 2026
Valid Until
April 12, 2026 45 days
Public Key
RSA 4096 bit Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A2:EA:4A:70:E5:77:F1:D5:8D:1A:CA:E1:19:DB:0A:F4:EC:84:A6:F6:38:DF:93:1E:24:BC:33:2C:CB:AF:9E:91
Alternative Names

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured Analyze
Content-Security-Policy-Report-Only
Missing
Not configured Analyze
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

81 domains
uploads4u.net *.uploads4u.net *.hostmaster.uploads4u.net *.www.uploads4u.net

Other domains in certificate

*.aa.aianmh3.me *.admin.aianmh3.me aianmh3.me *.aianmh3.me *.api.aianmh3.me *.app.aianmh3.me *.assets.aianmh3.me *.demo.aianmh3.me *.dev.aianmh3.me *.m.aianmh3.me *.test.aianmh3.me *.wildcard.aianmh3.me *.ww1.aianmh3.me *.ww25.aianmh3.me *.ww3.aianmh3.me
barclayuscards.com *.barclayuscards.com *.uat.barclayuscards.com *.ww25.barclayuscards.com
centralgarageleeds.co.uk *.centralgarageleeds.co.uk
*.auth.coinpal.me *.bc.coinpal.me coinpal.me *.coinpal.me *.help.coinpal.me *.ww38.coinpal.me
coxinhas.eu *.coxinhas.eu
*.addonformcpe.mcaddons.net *.autoconfig.mcaddons.net *.ddzojsmybluehostme.mcaddons.net *.infiniteaddons.mcaddons.net *.info.mcaddons.net *.k.mcaddons.net mcaddons.net *.mcaddons.net *.my.mcaddons.net *.support.mcaddons.net *.website-1980e3d6.mcaddons.net *.website-2ff7c98b.mcaddons.net *.website-439c139f.mcaddons.net *.website-9f6a640f.mcaddons.net *.website-af7e20bf.mcaddons.net *.website-de592a5d.mcaddons.net *.website-f0e0f796.mcaddons.net
*.1ccikeod7y.notepadplusplus.com *.board.notepadplusplus.com *.chat.notepadplusplus.com *.dash.notepadplusplus.com notepadplusplus.com *.notepadplusplus.com *.qa.notepadplusplus.com *.sandbox.notepadplusplus.com *.staging.notepadplusplus.com *.visualizations.notepadplusplus.com
nyrtsschedular.com *.nyrtsschedular.com *.roadtestresult.nyrtsschedular.com *.roadtestresults.nyrtsschedular.com
payjpal.com *.payjpal.com *.secure.payjpal.com *.ww11.payjpal.com *.ww17.payjpal.com *.ww25.payjpal.com *.ww38.payjpal.com
replacementsparts.com *.replacementsparts.com *.ww25.replacementsparts.com *.xn--ww38-976a.replacementsparts.com
*.8zmnqt5f.wcnmdmht.biz *.hjqpecql.wcnmdmht.biz *.ndbc5oz5.wcnmdmht.biz *.v3dchxi7.wcnmdmht.biz wcnmdmht.biz *.wcnmdmht.biz