SSL Certificate Analysis for pressescape.lt - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=vendservice.at

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

December 17, 2025

Valid Until

March 17, 2026 60 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D9:80:3D:1E:DD:E3:93:B4:79:48:A1:88:A2:6B:0A:DA:76:4F:BA:61:77:61:37:30:4C:D6:66:7C:B1:A5:D8:BB

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

pressescape.lt

Other domains in certificate

www.1hpgames.com

www.active-generation.org

adampalinkas.dev

algometatech.com

s.alo-tech.com

animatorspace.tokyo

business.artsbyjp.com

atstake.app

belovance.com

www.billahern.com

www.bluz.app

cheese-agency.net

citysoftware.dev

eliranphysics.co.il

tango.colia.com

chris.costello.nyc

app.creme.com

crvlaboratorio.com

davidgalindo.dev

www.delisles.com

drmadhubhatia.com

endtheday.com

www.enhancedds.com

admin.eyeofthetiga.com

dev.app.fastorder.sn

fc-yehuda.com

fenerama.dev

fivethingsthataregood.com

flemingfrancis.com

florafresco.com

gdkc.foodle.su

fotoramausa.com

gridcore.com.co

conexaoc6.grupomova.com.br

guulamog.com

intelligence.hypergro.ai

hyrumtroop47.org

mozaikplay-stage-8.ischoolconnect.com

www.iskconkitchens.com

jonathanramyarussell.com

satei-web.joylab.jp

juangaviria.dev

www.justinjoy.dev

kiapartsconnect.com.br

kindnoise.com

kittycatbytes.com

www.km61.com

auth.koncept.com

koneta.click

lerempla.fr

lobiancoconstruction.com

www.loudcurtain.com

luisbajana.com

www.marcuslowe.com

mariodujic.com

chat.martincheng0.com

menbymail.com

company.miahire.com

app.mirrorfit.jp

misradror.com

movmei.com.br

bit.nginel.com

app.ninety.us qa.app.ninety.us

communicate.staging.nside.io

obliquo.co

soundimals.chfn.org.tw

oxesoft.com

www.palavreio.app

palhuila.com

ta.peterolsen.org

quick-services.phari-tech.co

www.pinganoriental.co.uk

dev.dashboard.pinggo.co.za

investhouse.portfoliolink.co.za

prettyboy.app

staging.principle.dental

projectcollaborative.net

qplusa.co.uk

www.ratherfly.com

fire.ricardofreitas.dev

rileypeterson.com

www.rocketworks.io

samanthonymcgrail.com

www.sigmaleads.io

dashboard.sila.live

www.slashbox.co

smashtheshuttlecock.info

pos.statio.me

teamamaro.online

techbot.dev

thecodecrafter.dev

trivianote.com

www.tulo.no

www.turfeaposta.net

info.unfoldingstories.app

vendservice.at

webboard.app

isasa.xhuma.io