SSL Certificate Analysis for paven.io - Security Grade & TLS Configuration

Open Cached · just now

83/100 SECURITY SCORE

Certificate Information

Subject

CN=apenrots.info

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

October 06, 2025

Valid Until

January 04, 2026 44 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

76:15:0C:85:4B:CD:88:60:3E:58:B5:83:CB:69:24:81:0A:8B:19:0E:CB:D0:13:3C:49:2A:57:67:B7:BF:D2:60

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Basic

default-src; frame-src; script-src; +8 more

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

paven.io

Other domains in certificate

12bit.vn

alternativapzo.com.br

amberferenz.com

apenrots.info

minutes.app.arrx.uk

glycostem-test.autolomate.com

aysenzeybek.de

www.bcc20k.com

test.bmset.com

fast.bprslantabur.id

admin.camy.cam

www.cemjsolucoes.com.br

chromebooks.ch

chrustin.com

join.clocktrace.com

partner.inforsys.co.id

www.daniyalkhan.dev

app.departspares.com

www.dibyanshupandey.com

www.ebels.app

test.echo.lu

portal.hopkins.edu.pe

emircul.me

sabs.ergrouptech.com

www.fieldbuster.app

beta.filyou.com

finny.fun

www.firedreaminteractive.com

auckland.foodworks.online

www.freedsound.live

api.fusion.finance

link.getami.co

cloud.gla.jp

www.greenappex.com

www.hi-project.org

www.hotkeyplayer.com

app.igloopos.com

www.igordonin.com.br

imrenewable.com

damage-reports.irestore.info

www.jaimefurtado.com

hkl-ax.jec-digital.com

lamato.de

lawsmithandco.in

goto.limhenry.xyz

kthpiedpiper.lupi.delivery

madhurajphotography.com

blog.madlabmakers.com

mariajanestudio.com

link.masamedia.top

mathus.fun

legacy.mealsbytheday.com

staging.tutka.meteo.fi

www.metta.social

www.miningprogram.com

www.mosjoandy.com

www.nalu.app

hosp.omrx.in

kanchipuram.onlydroptaxi.com

organ-tech.jp

booster.otherg.com

pfdaa.org

phasorlight.com

www.plugincraft.dev

productinsight.cz

raydistributor.com

dev.relaymd.com

forum.roundtable.io

admin.saludjusticia.com

pay.saycheesebistrot.com

sigmanurhit.org

manager.smartimprovementsolutions.com

quickstarts.snowflake.com

account.spried.com

streetsuperior.sqkii.land

chatduell.streamgamestv.com

streamteam.gg

suggest-me.in

ads.superfunbet.com

suggest.tamata.com

shop-staging.tech-scheduler.com

www.techinternets.com

www.thealphonsobrown.com

tortrack.net

stg.truepay.com.br

unicorndroptaxi.com

unmlobosportscamps.com

valdosoakpark.com

www.vallemora.com

www.vivixeon.com

www.care.wearenolte.com

app.kochipms.webapiservices.in

link.webex24.dev

www.wisepro.io

xmplerventures.com

yeaf.gg

www.yoursportspass.com

zentechsolution.com

appbfmdev.zikzuk.com