SSL Certificate Analysis for postmaster.updates-kora.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=greunwelt.de

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 31, 2025

Valid Until

March 31, 2026 48 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

15:AD:B0:4E:F5:DF:97:38:9E:73:F7:2B:72:37:8A:BE:DB:AF:81:F5:D7:11:F6:6A:2C:89:20:D2:21:C2:9A:B6

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

updates-kora.com *.updates-kora.com *.aloka-tv.updates-kora.com *.doc-khrais-insurance.updates-kora.com *.forcrpyokrais.updates-kora.com *.fxtrading.updates-kora.com *.hook-crypro.updates-kora.com *.kora-weyyak.updates-kora.com *.seocryprothanyat.updates-kora.com *.sportkhrais.updates-kora.com *.sroolking.updates-kora.com *.stronjtuko.updates-kora.com *.vpn.updates-kora.com

Other domains in certificate

cla1c.com *.cla1c.com *.random.cla1c.com

consumersbook.com *.consumersbook.com *.hostmaster.consumersbook.com *.shop.consumersbook.com *.www.consumersbook.com

devendsupply.com *.devendsupply.com *.mail.devendsupply.com

edugameshub.com *.edugameshub.com *.random.edugameshub.com *.www.edugameshub.com

*.eyedoclocator.eyemedivisioncare.com eyemedivisioncare.com *.eyemedivisioncare.com *.member.eyemedivisioncare.com *.random.eyemedivisioncare.com

fingernails.com.au *.fingernails.com.au

*.cfp.franciscopacheco.pro *.cpcontacts.franciscopacheco.pro franciscopacheco.pro *.franciscopacheco.pro *.mail.franciscopacheco.pro *.webmail.franciscopacheco.pro

*.75443.gatny.com gatny.com *.gatny.com *.hostmaster.gatny.com

greunwelt.de *.greunwelt.de

iamlegent.xyz *.iamlegent.xyz

icollect.com.au *.icollect.com.au *.random.icollect.com.au

kellysbeach.com *.kellysbeach.com *.random.kellysbeach.com

microstar88.bet *.microstar88.bet

myblogsuk.online *.myblogsuk.online *.test.myblogsuk.online

*.live.onmyhevensday.com *.m.onmyhevensday.com onmyhevensday.com *.onmyhevensday.com *.us.onmyhevensday.com *.usa.onmyhevensday.com

*.mta.pembinatrail.ca *.myblueprint.pembinatrail.ca pembinatrail.ca *.pembinatrail.ca *.smail.pembinatrail.ca

ramosyflores.com *.ramosyflores.com

*.random.seoheros.com.au seoheros.com.au *.seoheros.com.au

sexflixrent.com *.sexflixrent.com *.webmail.sexflixrent.com

swithboard.com *.swithboard.com *.www.swithboard.com

thegreentrafficlight.co *.thegreentrafficlight.co

*.jejkvsitemap.theladybug.xyz theladybug.xyz *.theladybug.xyz

*.random.zatanczymy.pl zatanczymy.pl *.zatanczymy.pl