SSL Certificate Analysis for ifcastaneda.cl - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=www.choiceofledlighting.co.uk

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

October 10, 2025

Valid Until

January 08, 2026 48 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

5B:47:46:FD:E9:2D:12:98:F7:05:96:05:73:38:A2:B0:6C:80:10:38:85:AB:DA:0B:75:8C:6C:7B:7F:3C:4C:83

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

ifcastaneda.cl

Other domains in certificate

050650.hrdoc.dk

kp-user-manager.acasus.com

www.adrianolobo.dev

monge-corredora-dev.affinity.do

www.armillary.co.uk

asatelit.com

ayanesuzuki.jp

www.bencevass.com

beta.bidmii.com

uatsb.biibiic.com

sites.bluehostsites.com

developer.botsup.cc

app.bottle-vault.com

ppctools.brandsflow.co

www.choiceofledlighting.co.uk

metrics.chrisvogt.me

codeisgame.com

airos.com.tr

www.cort.ar

dallagnoladvogados.com.br

maintenance.dawnlit.com

e3counseling.com

www.friedmanfamilymediation.com

app.frontiergroup.info

applinks.ftftorbit.com

s05finals.gameofapps.org

app.gatodasorte.com

www.globalmaritimeaa.org

www.gobackstage.co

www.gorillasports.ua

gracenotary.ca

grasshopperpaints.com

studio.gtknow.com

harweel.com

ibb.co.nz

netcabs-hub-staging.ingogodev.net

verifyme.inukso.com

jcvalencia.dev

jesusurrutia.com

jewel.church

www.kaydeeprofessional.com

kys.kiddush.co.za

landingpage.kukerja.id

laurenwinebar.com

logarist.com

markriggan.com

www.martinmaterialsolutions.com

www.mazpartes.com

www.melontownfriends.com

minderva.io

admin.myconferenceapp.com

mystorier.com

shortlinks.nearcast.com

netelite-it.ch

www.ode.dev

ojascode.com.au

stage.onmyown.eu

stage.organizeat.com

landing.ostrichoo.nl

link.parkfestivalsittard.nl

philomatech.com

signage.dev.pltfrm.jp

www.plumislandcarvings.com

printendruk.be

app.kc.dev.provisionai.com

skillcatalyst.pssgroup.ro

tour.ratality.com

reimentertainment.com

resorthour.com

www.retvildt.dk

rullebo.rocks

app-auth.prd.samcart.dev

www.sennaservicos.com.br

skudu.online

admin.sndplumbing.com

startupguru.org

studioone.dev

tamsinlewis.co.uk

admin.the3dapp.com

timiowoturo.com

tinygiganticgames.com

wordpress.tombolajaib.com

topicapps.com

fourbios.minhacentral.trausedu.com.br

tupodologa.es

www.ucbyanggang.com

event.vidocto.com

viexel.com

feedbus.vizury.com

vseconline.com

araya.web.id

www.whitewater.ro

dev.admin.workant.io

dev.wormaldsecurity.cl

worshipdepartment.in

links.wunderflats.xyz

y-hu.dev

link.yesrewards.net