Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=tls.automattic.com
Issuer
C=US, O=Let's Encrypt, CN=E7
Valid From
January 13, 2026
Valid Until
April 13, 2026
89 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA384
SHA-256 Fingerprint
AF:2D:58:08:D8:23:35:1B:41:D4:C8:98:42:06:78:4B:79:CA:88:07:8D:A7:2D:71:EA:87:7D:5E:90:56:CE:90
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
51 domains
knittingdiary.com
www.knittingdiary.com
tls.automattic.com
bernardschaperportfolio.pro
www.bernardschaperportfolio.pro
mariaclara.car.blog
www.mariaclara.car.blog
creativecubes.blog
www.creativecubes.blog
www.cthegeographer.com
digitechsolutions.blog
www.digitechsolutions.blog
dj-mobile-mechanic.com
www.dj-mobile-mechanic.com
www.everdeli.fi
www.bamiosh.family.blog
earnmoneyonline6.finance.blog
teamlewdgaming.game.blog
www.teamlewdgaming.game.blog
groupinvestnet.com
www.groupinvestnet.com
fitzgeraldhuynh68.health.blog
spahappy.health.blog
www.fitzgeraldhuynh68.health.blog
www.spahappy.health.blog
hiwarnheli.com
www.hiwarnheli.com
imidaily.com
imprimerieamprinting.ca
www.imprimerieamprinting.ca
kil-t-ish.com
www.kil-t-ish.com
www.billrodgersthorup4.law.blog
moviesilike.movie.blog
www.flickahlingeriesfemininasvarejolojaintegrada.movie.blog
loserr.music.blog
sontonio.music.blog
www.appetitefor.music.blog
www.loserr.music.blog
www.sontonio.music.blog
orthocareconcierge.com
www.orthocareconcierge.com
petramarionopreis.com
rchqcleaning.com
www.rchqcleaning.com
www.recirclesolutions.com
redbudcottage.com
www.redbudcottage.com
reinemherzenshepherds.com
www.reinemherzenshepherds.com
salvatorecapuano.com
Other domains in certificate