SSL Certificate Analysis for nairestore.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=ethu.fund

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

April 27, 2026

Valid Until

July 26, 2026 73 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

99:3A:1C:30:E5:C5:77:41:C7:D2:0A:87:54:1E:45:B1:BF:2B:6B:D5:72:96:E9:22:45:C8:35:60:BA:26:BA:1A

Alternative Names

86 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

86 domains

nairestore.com *.nairestore.com

Other domains in certificate

30355.my *.30355.my

339913.one *.339913.one *.one.339913.one

69109.one *.69109.one

7jfwqss.cc *.7jfwqss.cc

accepted.it *.accepted.it *.ww25.accepted.it *.ww38.accepted.it

activatefyxerstrike.info *.activatefyxerstrike.info

agentiqence.com *.agentiqence.com

archeanalysis.info *.archeanalysis.info

bplyu.auction *.bplyu.auction

breakthroughfyxerhit.info *.breakthroughfyxerhit.info

car-tinting-425.sbs *.car-tinting-425.sbs

cigim.cc *.cigim.cc

ckjshvxkcy.cc *.ckjshvxkcy.cc

consumerconnectcom.in *.consumerconnectcom.in

datafyxerstrike.info *.datafyxerstrike.info

esadworks.com *.esadworks.com

*.admin.ethu.fund ethu.fund *.ethu.fund *.mail.ethu.fund

*.demo.ev77.me ev77.me *.ev77.me

*.dan.firstdesign.co firstdesign.co *.firstdesign.co

firstlledger.net *.firstlledger.net

*.32.heathappdataprivacylitigation.com heathappdataprivacylitigation.com *.heathappdataprivacylitigation.com

journeyassurance.xyz *.journeyassurance.xyz

mywydernet.com *.mywydernet.com

novoappespiao.com *.novoappespiao.com

saudiwaves.com *.saudiwaves.com

stripenext.com *.stripenext.com

suewort.com *.suewort.com

tailwaggingdogs.com *.tailwaggingdogs.com

teampactventures.com *.teampactventures.com

tellalls.com *.tellalls.com

tpwst.auction *.tpwst.auction

ubbgr.reviews *.ubbgr.reviews

uudeer.cc *.uudeer.cc

vagariously.com *.vagariously.com

www68435.cc *.www68435.cc

xn--unup4y46db3o.net *.xn--unup4y46db3o.net

yqiw32u.cc *.yqiw32u.cc

zzz271.cc *.zzz271.cc