SSL Certificate Analysis for tescorewards.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=riviera.travel

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 02, 2026

Valid Until

April 02, 2026 50 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

9D:34:E2:EF:11:48:1D:D8:79:82:5F:A0:0E:80:E0:89:07:E7:0B:6E:60:87:06:09:8C:64:7D:52:D4:09:A1:5D

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

tescorewards.com *.tescorewards.com *.268365c40a628d8909cc811bf9b91050.tescorewards.com *.admin.tescorewards.com

Other domains in certificate

51xiuche.pro *.51xiuche.pro *.random.51xiuche.pro *.ww16.51xiuche.pro *.ww38.51xiuche.pro

69av1368.xyz *.69av1368.xyz

animestc.xyz *.animestc.xyz *.protetor.animestc.xyz

asccensus.com *.asccensus.com *.myaccount.asccensus.com

bandboozled.co.uk *.bandboozled.co.uk *.bypassdev.bandboozled.co.uk

besportykinder.de *.besportykinder.de *.dev.besportykinder.de *.mail.besportykinder.de *.temp.besportykinder.de *.trainer.besportykinder.de

betzilla.info *.betzilla.info

biosentient.com *.biosentient.com

estimablepamphlettodecipher-today.info *.estimablepamphlettodecipher-today.info

*.admin.film2media.com film2media.com *.film2media.com

gaponline.co.uk *.gaponline.co.uk *.ww16.gaponline.co.uk

gayindonesia.xyz *.gayindonesia.xyz *.hostmaster.gayindonesia.xyz *.portal.gayindonesia.xyz *.www.gayindonesia.xyz

*.b1.gold916.xyz gold916.xyz *.gold916.xyz *.meradmin.gold916.xyz *.ww25.gold916.xyz *.ww38.gold916.xyz

*.12.h24.cc *.b.h24.cc h24.cc *.h24.cc *.m.h24.cc *.members.h24.cc *.x.h24.cc

*.bank.mobpay.online mobpay.online *.mobpay.online

*.cfg.nwcj22.com nwcj22.com *.nwcj22.com *.ru.nwcj22.com *.salesnet.nwcj22.com

peakdevportal.com *.peakdevportal.com *.ww38.peakdevportal.com

*.images2.revvel-static.io revvel-static.io *.revvel-static.io

*.hostmaster.riviera.travel *.pavlenko.riviera.travel riviera.travel *.riviera.travel

*.autodiscover.slayynewz.xyz *.mail.slayynewz.xyz *.mwebmail.slayynewz.xyz *.mwhm.slayynewz.xyz *.report.slayynewz.xyz slayynewz.xyz *.slayynewz.xyz *.whm.slayynewz.xyz *.ww12.slayynewz.xyz *.www.slayynewz.xyz

urbanfactor.co *.urbanfactor.co

*.ttzy.wolfram-tours.de wolfram-tours.de *.wolfram-tours.de