SSL Certificate Analysis for pickyguide.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=1663-gg123.cfd

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 19, 2026

Valid Until

May 20, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E5:E7:B1:E6:40:A8:55:28:C2:02:BA:07:86:40:4A:A0:88:4C:ED:61:94:15:A5:E4:DE:77:5E:32:AF:CD:8F:2F

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

pickyguide.com *.pickyguide.com *.en.pickyguide.com *.www.pickyguide.com

Other domains in certificate

1663-gg123.cfd *.1663-gg123.cfd *.95416.1663-gg123.cfd

afroraduno.it *.afroraduno.it *.remote.afroraduno.it

agriculturalequipment.in *.agriculturalequipment.in *.m.agriculturalequipment.in

*.apps.cavaxabiotech.com cavaxabiotech.com *.cavaxabiotech.com *.exchange.cavaxabiotech.com *.mail.cavaxabiotech.com *.mobileconnect.cavaxabiotech.com *.owa.cavaxabiotech.com *.sales.cavaxabiotech.com *.secure.cavaxabiotech.com *.secure2.cavaxabiotech.com *.vdi1.cavaxabiotech.com *.vpn.cavaxabiotech.com *.ww25.cavaxabiotech.com *.ww38.cavaxabiotech.com

*.chart.cibele.com cibele.com *.cibele.com *.email.cibele.com *.gkvbncr7ks.cibele.com *.m.cibele.com *.societe.cibele.com *.yahoo.cibele.com

elma.au *.elma.au *.mailserver.elma.au

fortuneclock15.online *.fortuneclock15.online *.www.fortuneclock15.online

*.app.gosewing.com *.autodiscover.gosewing.com gosewing.com *.gosewing.com *.remote.gosewing.com *.wiki.gosewing.com

infrajobs.net *.infrajobs.net *.vpn.infrajobs.net

*.cdn.mangabuddy.info *.img.mangabuddy.info mangabuddy.info *.mangabuddy.info

neckpilllows.au *.neckpilllows.au

*.api.residentialreit.com *.dev.residentialreit.com *.mail.residentialreit.com residentialreit.com *.residentialreit.com *.test.residentialreit.com *.ww25.residentialreit.com

scooterclassifieds.au *.scooterclassifieds.au

*.intelligence.source800.com source800.com *.source800.com

*.billing.viralhit.buzz *.bitbucket.viralhit.buzz *.catalog.viralhit.buzz *.freekassa.viralhit.buzz *.help.viralhit.buzz *.inecobank.viralhit.buzz *.ipak-uz.viralhit.buzz *.media.viralhit.buzz *.megamarket.viralhit.buzz *.moneygram.viralhit.buzz *.mx.viralhit.buzz *.mx03.viralhit.buzz *.pochta.viralhit.buzz *.profex.viralhit.buzz *.sql.viralhit.buzz *.tinkoff.viralhit.buzz *.tunnel.viralhit.buzz viralhit.buzz *.viralhit.buzz *.vpn.viralhit.buzz *.www.viralhit.buzz *.youla.viralhit.buzz