SSL Certificate Analysis for stepania.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=selpizz.shop

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 31, 2026

Valid Until

May 01, 2026 78 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

3F:29:B7:7F:4A:44:B2:89:52:9A:3D:3D:B0:3F:15:EE:A1:C2:2F:74:D6:FE:FF:34:E5:0F:D8:C3:CB:35:55:2B

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

stepania.com *.stepania.com *.ww11.stepania.com

Other domains in certificate

baixarseriesmega.club *.baixarseriesmega.club *.wildcard.baixarseriesmega.club *.www.baixarseriesmega.club

donatbet.info *.donatbet.info *.overnight-delivery-available.donatbet.info

gamekclub.com *.gamekclub.com *.shop.gamekclub.com

girlpower.com.au *.girlpower.com.au *.wildcard.girlpower.com.au

*.er-wifi.linksmod.xyz linksmod.xyz *.linksmod.xyz

*.audio.moviezflix.org *.dev.moviezflix.org *.hostmaster.moviezflix.org moviezflix.org *.moviezflix.org *.viz.moviezflix.org *.ww12.moviezflix.org *.ww99.moviezflix.org

occulte.org *.occulte.org

pornquest.cc *.pornquest.cc *.ww16.pornquest.cc

*.news.selpizz.shop selpizz.shop *.selpizz.shop *.ww25.selpizz.shop *.www.selpizz.shop

*.1.tvshaq.com *.17.tvshaq.com *.admin.tvshaq.com *.api.tvshaq.com *.argo.tvshaq.com *.backend.tvshaq.com *.blog.tvshaq.com *.dashboard.tvshaq.com *.demo.tvshaq.com *.intelligence.tvshaq.com *.jpkc.tvshaq.com *.notexistsadmin.tvshaq.com *.report.tvshaq.com *.superset.tvshaq.com tvshaq.com *.tvshaq.com *.vpn.tvshaq.com *.wildcard.tvshaq.com *.workflow.tvshaq.com *.ww1.tvshaq.com *.ww16.tvshaq.com *.ww17.tvshaq.com *.ww25.tvshaq.com

*.14dc.uko66.xyz *.171b.uko66.xyz *.29f6.uko66.xyz *.2ad1.uko66.xyz *.332b.uko66.xyz *.4534.uko66.xyz *.46cb.uko66.xyz *.57d3.uko66.xyz *.6ced.uko66.xyz *.8a53.uko66.xyz *.8bc5.uko66.xyz *.8d28.uko66.xyz *.9535.uko66.xyz *.9fbc.uko66.xyz *.abf5.uko66.xyz *.ad33.uko66.xyz *.b4c5.uko66.xyz *.b78e.uko66.xyz *.bdfa.uko66.xyz *.beca.uko66.xyz *.ceba.uko66.xyz *.d145.uko66.xyz *.dd22.uko66.xyz uko66.xyz *.uko66.xyz *.www.uko66.xyz

*.ts.werthmann.com *.vdi.werthmann.com werthmann.com *.werthmann.com