SSL Certificate Analysis for oppamaen.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=discovwe.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 12, 2026

Valid Until

April 12, 2026 62 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

3C:FB:20:AD:3C:E7:DF:C7:C6:41:50:38:7B:6C:58:75:CE:36:0B:8A:1A:BF:7E:31:E8:B3:F2:8B:75:B5:48:8A

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

oppamaen.com *.oppamaen.com

Other domains in certificate

aert.studio *.aert.studio

ampa.live *.ampa.live

*.as.avacash.com avacash.com *.avacash.com *.ka.avacash.com *.ww16.avacash.com

*.app.co-co.work *.beta.co-co.work co-co.work *.co-co.work *.co.co-co.work *.com.co-co.work *.cpanel.co-co.work *.cpcalendars.co-co.work *.mail.co-co.work *.online.co-co.work *.remote.co-co.work *.sitemaps.co-co.work *.tech.co-co.work *.ua.co-co.work *.webmail.co-co.work *.www.co-co.work

decimal.studio *.decimal.studio

*.development.discovwe.com discovwe.com *.discovwe.com *.visualizations.discovwe.com *.ww-w.discovwe.com *.ww1.discovwe.com

dotedu.live *.dotedu.live

fundirse.lat *.fundirse.lat *.hostmaster.fundirse.lat

*.ci.loyalheartsclub.com *.cicd.loyalheartsclub.com loyalheartsclub.com *.loyalheartsclub.com

ohdent.com *.ohdent.com *.ww25.ohdent.com

*.healthcare.pilips.com *.hearingsolutions.pilips.com *.infectionrisk.pilips.com *.innovationservices.pilips.com *.issa.pilips.com *.medical.pilips.com pilips.com *.pilips.com *.shop.pilips.com *.suportforum.pilips.com *.usa.pilips.com

*.admin.samsungfirmware.org *.random.samsungfirmware.org samsungfirmware.org *.samsungfirmware.org *.ww38.samsungfirmware.org

secuity.org *.secuity.org *.ww38.secuity.org

*.app.sjhs03.xyz *.d.sjhs03.xyz *.lldlio23js6ti8jq.sjhs03.xyz *.sitemap.sjhs03.xyz *.sitemaps.sjhs03.xyz sjhs03.xyz *.sjhs03.xyz *.ww1.sjhs03.xyz *.ww25.sjhs03.xyz *.ww38.sjhs03.xyz *.www.sjhs03.xyz *.wwww.sjhs03.xyz

*.hostmaster.sophps.com sophps.com *.sophps.com

steele-products.com *.steele-products.com *.ww.steele-products.com *.ww1.steele-products.com *.ww16.steele-products.com *.ww38.steele-products.com

*.mail.theblueparrotrestaurant.com theblueparrotrestaurant.com *.theblueparrotrestaurant.com