SSL Certificate Analysis for lhodkiewicz.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=91cangku44.buzz

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

April 18, 2026

Valid Until

July 17, 2026 68 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

FB:46:F6:58:BE:1E:07:67:F5:10:B0:2A:D0:91:5C:07:F2:7B:EB:C9:35:CC:E2:C2:F2:69:53:CA:02:66:8F:1B

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

lhodkiewicz.com *.lhodkiewicz.com

Other domains in certificate

0418-coffee-machine002.sbs *.0418-coffee-machine002.sbs

06850.blog *.06850.blog

07565.co *.07565.co

07606.co *.07606.co

09172.co *.09172.co

1109yhj301.top *.1109yhj301.top

14153.blog *.14153.blog

16095.blog *.16095.blog

2111728a6.sbs *.2111728a6.sbs

21718.co *.21718.co

21789.gdn *.21789.gdn

223408.town *.223408.town

234677.xyz *.234677.xyz

26975.blog *.26975.blog

27089.co *.27089.co

28699.co *.28699.co

29335.co *.29335.co

301705.blog *.301705.blog

91cangku44.buzz *.91cangku44.buzz

lillypulitzeonline.shop *.lillypulitzeonline.shop

loafercorner.shop *.loafercorner.shop

lojaminichina.com *.lojaminichina.com

lpfeffer.com *.lpfeffer.com

lumiskin.pro *.lumiskin.pro

lziemann.com *.lziemann.com

macnaugh.com *.macnaugh.com

malajsie.com *.malajsie.com

minimuscoin.info *.minimuscoin.info *.uat.minimuscoin.info

mitao502.xyz *.mitao502.xyz

modestystyle.com *.modestystyle.com

moraytyres.co.uk *.moraytyres.co.uk

ncvtitiresult.art *.ncvtitiresult.art

neil-usher.info *.neil-usher.info

nemexo.com *.nemexo.com

newsminted.xyz *.newsminted.xyz

nharber.com *.nharber.com

nyelove.com *.nyelove.com

obradtke.com *.obradtke.com

*.12fe57e2-62f2-4ab5-97c0-1677d4f89267.scarpetta.dk *.api.scarpetta.dk *.app.scarpetta.dk *.cloud.scarpetta.dk *.m.scarpetta.dk *.mail.scarpetta.dk *.new.scarpetta.dk *.rds.scarpetta.dk *.remote.scarpetta.dk scarpetta.dk *.scarpetta.dk