SSL Certificate Analysis for jp.zanhe.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=johnbakhmat.tech

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 17, 2025

Valid Until

March 17, 2026 48 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

63:23:A8:AF:96:AB:AF:21:89:6B:0F:30:C3:17:E1:21:51:2C:A5:79:34:D9:32:55:F9:A5:9E:BD:B3:7A:65:46

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

zanhe.com *.zanhe.com *.bbs.zanhe.com *.cn.zanhe.com *.media.zanhe.com *.mwc.zanhe.com *.news.zanhe.com *.static.zanhe.com *.video.zanhe.com *.wu-chinese.zanhe.com *.ww38.zanhe.com *.ww5.zanhe.com *.www.zanhe.com

Other domains in certificate

1esq.com.br *.1esq.com.br

acervocaliban.com.br *.acervocaliban.com.br

aero-trade.co *.aero-trade.co

cougarwomen.us *.cougarwomen.us *.vfyamww25.cougarwomen.us

countryandwestern.com.au *.countryandwestern.com.au

dbtv.cc *.dbtv.cc *.ww25.dbtv.cc

gumicsizma.eu *.gumicsizma.eu

herniserverlist.eu *.herniserverlist.eu

*.admin.hotpromotions.online *.arugula.hotpromotions.online *.demo.hotpromotions.online hotpromotions.online *.hotpromotions.online

*.admin.iphoneimel.info iphoneimel.info *.iphoneimel.info *.random.iphoneimel.info *.ww25.iphoneimel.info *.ww38.iphoneimel.info *.zeydlgqcypasdw65.iphoneimel.info

johnbakhmat.tech *.johnbakhmat.tech *.pinned.johnbakhmat.tech *.shorty.johnbakhmat.tech

*.ges.jpo-d.com jpo-d.com *.jpo-d.com

*.automotive.localdirectory.com.au *.dubbo.localdirectory.com.au localdirectory.com.au *.localdirectory.com.au *.wine.localdirectory.com.au *.wne.localdirectory.com.au

melina.au *.melina.au

*.de.munai.studio *.en.munai.studio *.fr.munai.studio munai.studio *.munai.studio *.ww25.munai.studio

physicscondensate.com *.physicscondensate.com

searchadultonly.com *.searchadultonly.com

*.emv1.tenantinsurance.au tenantinsurance.au *.tenantinsurance.au

*.0.thestagmommas.com *.cpanel.thestagmommas.com *.cpcalendars.thestagmommas.com *.cpcontacts.thestagmommas.com *.ebdisk.thestagmommas.com *.mail.thestagmommas.com *.node01.thestagmommas.com *.ns1.thestagmommas.com thestagmommas.com *.thestagmommas.com *.webdisk.thestagmommas.com *.webmail.thestagmommas.com *.wiki.thestagmommas.com *.ww1.thestagmommas.com *.ww7.thestagmommas.com *.www6.thestagmommas.com *.www70.thestagmommas.com