SSL Certificate Analysis for ofra-biz-ex.ner-sitedesign.biz - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=bluemoonsoftware.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 24, 2025

Valid Until

March 24, 2026 75 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

7B:55:C1:92:7F:60:AC:17:50:52:9E:89:62:0C:CF:1E:04:43:43:2B:B8:3C:A9:F3:AE:09:35:2A:7C:51:7F:69

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

ner-sitedesign.biz *.ner-sitedesign.biz *.chava.ner-sitedesign.biz *.generaltest.ner-sitedesign.biz *.generaltest1.ner-sitedesign.biz *.graphics-shop.ner-sitedesign.biz *.graphicsstore.ner-sitedesign.biz *.kemort.ner-sitedesign.biz *.msyof.ner-sitedesign.biz *.ofra-biz-ex.ner-sitedesign.biz *.ofra-biz.ner-sitedesign.biz *.ort.ner-sitedesign.biz *.pb.ner-sitedesign.biz *.studio-valdman.ner-sitedesign.biz *.x1.ner-sitedesign.biz

Other domains in certificate

bluemoonbrewjingcompany.com *.bluemoonbrewjingcompany.com *.ww38.bluemoonbrewjingcompany.com

bluemoonsoftware.com *.bluemoonsoftware.com *.ww16.bluemoonsoftware.com *.ww25.bluemoonsoftware.com

*.be.late.today *.cam.late.today *.come.late.today *.get.late.today *.ko.late.today late.today *.late.today *.little.late.today *.mail.late.today *.mpotse.late.today *.ngibe.late.today *.open.late.today *.real.late.today *.sleep.late.today *.sp.late.today *.to.late.today *.too.late.today *.up.late.today *.was.late.today *.woking.late.today *.work.late.today *.working.late.today *.wprkee.late.today *.you.late.today

*.27h4h1x31arlrmhqae88hjnhk.mscmsit.xyz *.2me4io04uy7mxktfwznk3bpfo.mscmsit.xyz *.37mtceq31roiudprjzyv0452r.mscmsit.xyz *.3g.mscmsit.xyz *.app.mscmsit.xyz *.backend.mscmsit.xyz *.cdn.mscmsit.xyz *.com.mscmsit.xyz *.cpcontacts.mscmsit.xyz *.d.mscmsit.xyz *.data.mscmsit.xyz *.magento.mscmsit.xyz *.media.mscmsit.xyz mscmsit.xyz *.mscmsit.xyz *.s.mscmsit.xyz *.schedule.mscmsit.xyz *.site.mscmsit.xyz *.superset.mscmsit.xyz *.town.mscmsit.xyz *.usps.mscmsit.xyz *.ww17.mscmsit.xyz *.www1.mscmsit.xyz