SSL Certificate Analysis for shopy.bio - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=exekias.com

Issuer

C=US, O=Let's Encrypt, CN=YR1

Valid From

June 04, 2026

Valid Until

September 02, 2026 71 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

31:D4:87:DF:B4:15:4D:83:97:51:B5:C5:26:79:59:53:5C:CD:BC:6D:D7:6A:27:F9:4B:13:E1:EF:15:00:1D:20

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

shopy.bio *.shopy.bio *.blog.shopy.bio *.wildcard.shopy.bio

Other domains in certificate

*.0m0q.9jalover.com *.55t.9jalover.com *.5t01.9jalover.com 9jalover.com *.9jalover.com *.feg55k.9jalover.com *.mail.9jalover.com *.mpcr.9jalover.com *.uivs.9jalover.com *.ww7.9jalover.com *.za.9jalover.com

beymer.com *.beymer.com

brandonkaufman.com *.brandonkaufman.com *.hostmaster.brandonkaufman.com *.london.brandonkaufman.com *.m.brandonkaufman.com *.sitemap.brandonkaufman.com

burbulis.com *.burbulis.com

crnf.org *.crnf.org *.fbzckvdcxt.crnf.org

delinquentes.com *.delinquentes.com

*.admin.dewabos138.app *.api.dewabos138.app *.app.dewabos138.app *.assets.dewabos138.app *.demo.dewabos138.app *.dev.dewabos138.app dewabos138.app *.dewabos138.app *.test.dewabos138.app

eop.de *.eop.de *.gr.eop.de *.ww38.eop.de

exekias.com *.exekias.com

finalexpenselifeinsurance.com *.finalexpenselifeinsurance.com

floraldesignconsultant.com *.floraldesignconsultant.com *.hostmaster.floraldesignconsultant.com *.www.floraldesignconsultant.com

*.collegepark.fultoncountyschools.org *.email.fultoncountyschools.org fultoncountyschools.org *.fultoncountyschools.org *.ww35.fultoncountyschools.org

*.25.hjdb3.com hjdb3.com *.hjdb3.com *.ww17.hjdb3.com *.ww25.hjdb3.com

megaterra.com *.megaterra.com

*.blog.myphonezone.com *.connect.myphonezone.com *.gateway.myphonezone.com *.m.myphonezone.com myphonezone.com *.myphonezone.com *.portal.myphonezone.com *.ra.myphonezone.com *.rdweb.myphonezone.com *.ssl.myphonezone.com *.test.myphonezone.com *.ts.myphonezone.com *.webmail.myphonezone.com

sinhcontrai.com *.sinhcontrai.com

tibebu.com *.tibebu.com

vahida.com *.vahida.com

vigoron.com *.vigoron.com

*.lhzc.wpge.com *.random.wpge.com wpge.com *.wpge.com *.ww25.wpge.com *.ww38.wpge.com