SSL Certificate Analysis for nextlayer.wien - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for as1764.com, as1764.net, blinkenlights.at, cwdm.at, cwdm.org, dwdm.at, ether-net.at, ether-net.net, ether-net.org, not for nextlayer.wien

Open Cached · just now

78/100 SECURITY SCORE

Certificate Information

Subject

CN=nextlayer.gmbh

Issuer

C=US, O=Let's Encrypt, CN=E7

Valid From

December 01, 2025

Valid Until

March 01, 2026 38 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

29:4F:34:D4:93:75:6B:F5:1E:4C:DB:0B:2F:38:0E:FF:3A:03:8E:D8:31:8A:15:1B:1B:E1:A3:38:D4:79:D3:F9

Alternative Names

70 domains

Security Configuration

TLS Protocols

TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

70 domains

as1764.com www.as1764.com

as1764.net www.as1764.net

blinkenlights.at www.blinkenlights.at

cwdm.at www.cwdm.at

cwdm.org www.cwdm.org

dwdm.at www.dwdm.at

ether-net.at www.ether-net.at

ether-net.net www.ether-net.net

ether-net.org www.ether-net.org

etnet.at www.etnet.at

ipv6forfree.at www.ipv6forfree.at

ipv6forfree.ch www.ipv6forfree.ch

ipv6forfree.com www.ipv6forfree.com

ipv6forfree.de www.ipv6forfree.de

ipv6forfree.net www.ipv6forfree.net

ipv6free.com www.ipv6free.com

ipv6tv.at www.ipv6tv.at

next-layer.at www.next-layer.at

next-layer.com www.next-layer.com

next-layer.net www.next-layer.net

next-layer.org www.next-layer.org

nextlayer.biz www.nextlayer.biz

nextlayer.ch www.nextlayer.ch

nextlayer.cloud www.nextlayer.cloud

nextlayer.cz www.nextlayer.cz

nextlayer.de www.nextlayer.de

nextlayer.eu www.nextlayer.eu

nextlayer.gmbh www.nextlayer.gmbh

nextlayer.li www.nextlayer.li

nextlayer.net www.nextlayer.net

nextlayer.org www.nextlayer.org

nextlayer.sk www.nextlayer.sk

nxl.at www.nxl.at

time4ipv6.at www.time4ipv6.at

timeforipv6.at www.timeforipv6.at