SSL Certificate Analysis for static.yoursite.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=drohnenflugschule.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 22, 2026

Valid Until

August 20, 2026 53 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

4E:AE:91:54:5C:E1:80:83:D1:23:F7:4E:95:1B:01:41:24:E8:16:2A:78:94:C1:8B:F2:F5:02:4C:A3:22:F1:5D

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

yoursite.com *.yoursite.com *.dns-ta.yoursite.com

Other domains in certificate

60341.blog *.60341.blog

bestbandb.co.uk *.bestbandb.co.uk

cacchinobaby.com *.cacchinobaby.com

drohnenflugschule.com *.drohnenflugschule.com *.new.drohnenflugschule.com

fitnessgaze.club *.fitnessgaze.club

focomar.com *.focomar.com

freewebhostingeu.com *.freewebhostingeu.com

frequency98k.sbs *.frequency98k.sbs

gangliangwang.cn *.gangliangwang.cn *.mgfqz.gangliangwang.cn

gen-ai-squad.net *.gen-ai-squad.net

getde.cloud *.getde.cloud

giiulanaflores.com *.giiulanaflores.com

gnss-hub.info *.gnss-hub.info

gogo77in.my *.gogo77in.my

halfwayhouse-edinburgh.com *.halfwayhouse-edinburgh.com

happy-pet.com *.happy-pet.com

hatavecozum.com *.hatavecozum.com

hdfilmcehennemi16.org *.hdfilmcehennemi16.org

heavensbow.com *.heavensbow.com

hkverify.com *.hkverify.com

hofgfo.poker *.hofgfo.poker

howssq.poker *.howssq.poker

ioopenai.com *.ioopenai.com

jq3z.com.cn *.jq3z.com.cn

m0nesp0ce-cl12ent.org *.m0nesp0ce-cl12ent.org

metroskychannel.com *.metroskychannel.com

mgnlpu.cyou *.mgnlpu.cyou

mgvz51.cyou *.mgvz51.cyou

mhfkl.qpon *.mhfkl.qpon

miamifishingrentals.com *.miamifishingrentals.com

mickeymousektoi.com *.mickeymousektoi.com

midatlanticairmuseum.com *.midatlanticairmuseum.com

psychescabaret.com *.psychescabaret.com

pvtkeys.com *.pvtkeys.com

remoteworkarena.com *.remoteworkarena.com

*.pevwga.shopat247.info shopat247.info *.shopat247.info

smnhi.mobi *.smnhi.mobi

umpzail.top *.umpzail.top

useaccruals.top *.useaccruals.top

vailon.vip *.vailon.vip

wi881.top *.wi881.top

wookosfellowship.com *.wookosfellowship.com