SSL Certificate Analysis for mannat.life - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=elrow.shop

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 05, 2026

Valid Until

August 03, 2026 77 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

4E:43:91:35:DA:FF:22:49:9F:06:28:95:5B:66:DD:A9:9F:48:26:EE:3C:14:6D:45:07:AE:C2:67:99:2C:8C:D0

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

mannat.life *.mannat.life *.32.mannat.life

Other domains in certificate

*.aclfeca.barcelonastartupcongress.com barcelonastartupcongress.com *.barcelonastartupcongress.com *.cpanel.barcelonastartupcongress.com *.ww7.barcelonastartupcongress.com *.www.barcelonastartupcongress.com *.xnecma.barcelonastartupcongress.com

*.arwww.cumbredelospueblos.org cumbredelospueblos.org *.cumbredelospueblos.org *.superset.cumbredelospueblos.org *.zone.cumbredelospueblos.org

*.54926341-9cf7-457d-9dad-227d56a545e8.elrow.shop *.54ecb1ce-d062-4eef-a425-6b66e8ce8418.elrow.shop *.admin.elrow.shop *.api.elrow.shop *.app.elrow.shop *.assets.elrow.shop *.backup.elrow.shop *.c6a5b53f-0c4b-4627-85a3-f35f9f655a20.elrow.shop *.demo.elrow.shop *.dev.elrow.shop elrow.shop *.elrow.shop *.mail.elrow.shop *.new.elrow.shop *.staging.elrow.shop *.test.elrow.shop *.uat.elrow.shop

*.0afmf.haeurodns.cfd *.34e83e4c-ea8a-4131-9937-0de7658971fc.haeurodns.cfd *.5jsd7.haeurodns.cfd *.6y8gt.haeurodns.cfd *.app.haeurodns.cfd *.assets.haeurodns.cfd *.demo.haeurodns.cfd *.dev.haeurodns.cfd *.ead.haeurodns.cfd *.ebwif.haeurodns.cfd haeurodns.cfd *.haeurodns.cfd *.i51qg.haeurodns.cfd *.jiupgblog.haeurodns.cfd *.karriere.haeurodns.cfd *.vizaseq.haeurodns.cfd *.yhue2.haeurodns.cfd *.z4gbs.haeurodns.cfd

*.dan.insuranceforart.com insuranceforart.com *.insuranceforart.com

*.admin.luckystar7777.com *.ht.luckystar7777.com luckystar7777.com *.luckystar7777.com *.random.luckystar7777.com *.ww38.luckystar7777.com *.www.luckystar7777.com

*.assets.wimbled.com *.cloud.wimbled.com *.dan.wimbled.com *.dc68ff29-e876-4e82-ade2-7f52039c58b5.wimbled.com *.e008cb85-ecac-4aaa-9773-1e22f87e8dc5.wimbled.com *.g8qpv4.wimbled.com *.mx.wimbled.com *.remote.wimbled.com *.smtp.wimbled.com *.staging.wimbled.com *.ticketsale.wimbled.com wimbled.com *.wimbled.com *.www.wimbled.com