Open
Cached
·
just now
74/100
SECURITY SCORE
Certificate Information
Subject
CN=tls.automattic.com
Issuer
C=US, O=Let's Encrypt, CN=E7
Valid From
November 12, 2025
Valid Until
February 10, 2026
28 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA384
SHA-256 Fingerprint
85:3E:87:A4:5E:AE:94:23:74:7E:38:0F:AE:A1:11:EA:46:F9:D4:E0:58:07:44:69:3D:23:23:85:FB:EC:F0:53
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
51 domains
terratrekapp.com
tls.automattic.com
bernardschaperportfolio.pro
www.bernardschaperportfolio.pro
mariaclara.car.blog
www.mariaclara.car.blog
creativecubes.blog
www.creativecubes.blog
www.cthegeographer.com
dj-mobile-mechanic.com
www.dj-mobile-mechanic.com
www.everdeli.fi
www.bamiosh.family.blog
earnmoneyonline6.finance.blog
teamlewdgaming.game.blog
www.teamlewdgaming.game.blog
groupinvestnet.com
www.groupinvestnet.com
fitzgeraldhuynh68.health.blog
spahappy.health.blog
www.fitzgeraldhuynh68.health.blog
www.spahappy.health.blog
hiwarnheli.com
www.hiwarnheli.com
imidaily.com
kil-t-ish.com
www.kil-t-ish.com
knittingdiary.com
www.knittingdiary.com
www.billrodgersthorup4.law.blog
moviesilike.movie.blog
www.flickahlingeriesfemininasvarejolojaintegrada.movie.blog
loserr.music.blog
sontonio.music.blog
www.appetitefor.music.blog
www.loserr.music.blog
www.sontonio.music.blog
www.recirclesolutions.com
redbudcottage.com
www.redbudcottage.com
reinemherzenshepherds.com
www.reinemherzenshepherds.com
salvatorecapuano.com
www.salvatorecapuano.com
simpeiying.com
spirit110gmail.com
www.spirit110gmail.com
www.sweetlightstudiospnw.com
recoveryprotech.tech.blog
www.recoveryprotech.tech.blog
the-writer-stuff.com
Other domains in certificate