SSL Certificate Analysis for staging.edvacancy.com - Security Grade & TLS Configuration

Certificate Information

Subject

CN=shinebrite.co

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 01, 2026

Valid Until

May 02, 2026 80 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

82:16:04:BE:0C:67:E4:1D:3F:DF:86:2B:64:26:AC:86:75:2F:D8:DB:1E:60:18:7C:81:AB:E4:85:01:01:8A:E2

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

edvacancy.com *.edvacancy.com

Other domains in certificate

00445.bid *.00445.bid

056743.vip *.056743.vip

152376.cn *.152376.cn

20880.locker *.20880.locker

209153.cn *.209153.cn

29121.bid *.29121.bid

31910.bid *.31910.bid

33045.bid *.33045.bid

35492347.top *.35492347.top

51599.bid *.51599.bid

523687.loan *.523687.loan

52566.bid *.52566.bid

55sp8.lat *.55sp8.lat

6088i.cc *.6088i.cc

640228.cc *.640228.cc

67577086.top *.67577086.top

68842245.top *.68842245.top

74269.loan *.74269.loan

963yhc301.top *.963yhc301.top

ag786.top *.ag786.top

archive-x-published.com *.archive-x-published.com

b2c.tv *.b2c.tv

bk8.team *.bk8.team *.remote.bk8.team

bks22.top *.bks22.top

bndqe.pro *.bndqe.pro

buy-laptop-battery.org *.buy-laptop-battery.org

bybit.vc *.bybit.vc

craft.markets *.craft.markets

etrbv.pro *.etrbv.pro

fav77boi.info *.fav77boi.info

floatingisland.com *.floatingisland.com

foodsecurity.com.au *.foodsecurity.com.au

get-mrpunketh.com *.get-mrpunketh.com

get-statistics.com *.get-statistics.com

gv191.top *.gv191.top

industrial-warehousing-243675812.click *.industrial-warehousing-243675812.click

innogy.co *.innogy.co

jumeirah.top *.jumeirah.top

magic4you.nu *.magic4you.nu

moonandsparrow.com *.moonandsparrow.com

nafasmobile.com *.nafasmobile.com

nwcjj.net *.nwcjj.net

shinebrite.co *.shinebrite.co