SSL Certificate Analysis for test.adtweet.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=gobar.online

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 17, 2026

Valid Until

May 18, 2026 85 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F9:A7:E2:DE:27:2F:99:B9:B0:B1:7D:EE:50:19:CE:9F:47:C7:19:22:16:4F:01:E7:1A:2C:D2:A7:C7:C9:C2:57

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

adtweet.com *.adtweet.com *.api.adtweet.com *.dev.adtweet.com *.mail.adtweet.com *.test.adtweet.com *.ww16.adtweet.com *.ww17.adtweet.com

Other domains in certificate

*.7057332c7114d7e2cc864aae36b74d73.951dmy301.top *.8579970b21cae06efb0f782e6cf96b33.951dmy301.top 951dmy301.top *.951dmy301.top *.aa591cda11197264f28ae37c2bf24260.951dmy301.top

amnon.it *.amnon.it *.remote.amnon.it *.smtps.amnon.it

gobar.online *.gobar.online *.ww25.gobar.online *.www.gobar.online *.x.gobar.online

heste.it *.heste.it *.hostmaster.heste.it

hnfeixiong.com *.hnfeixiong.com *.m.hnfeixiong.com

*.app.interiordecor.it *.demo.interiordecor.it *.dev.interiordecor.it interiordecor.it *.interiordecor.it *.staging.interiordecor.it

*.backend.lagga.com *.com.lagga.com *.f.lagga.com lagga.com *.lagga.com

mwa88.xyz *.mwa88.xyz *.ww25.mwa88.xyz *.ww38.mwa88.xyz

*.api.smilebychoicenyc.com *.chat-alpha.smilebychoicenyc.com *.dashboard.smilebychoicenyc.com *.dev.smilebychoicenyc.com *.mail.smilebychoicenyc.com *.notexistsapi.smilebychoicenyc.com smilebychoicenyc.com *.smilebychoicenyc.com *.superset.smilebychoicenyc.com *.supersets.smilebychoicenyc.com *.ww38.smilebychoicenyc.com

*.access.snazzits.com *.app.snazzits.com *.assets.snazzits.com *.desktop.snazzits.com *.gateway.snazzits.com *.m.snazzits.com *.ra.snazzits.com *.rd.snazzits.com *.rdp.snazzits.com *.remote.snazzits.com *.remoteapp.snazzits.com *.secure.snazzits.com snazzits.com *.snazzits.com *.ssl.snazzits.com *.vdi.snazzits.com *.vpn.snazzits.com *.vpn1.snazzits.com *.vpn2.snazzits.com *.vpnssl.snazzits.com *.ww16.snazzits.com *.ww38.snazzits.com

*.bronxworksin.termind.co *.mantec.termind.co termind.co *.termind.co *.us.termind.co *.ww17.termind.co

udr.com.au *.udr.com.au

vakha.com *.vakha.com *.ww12.vakha.com *.www.vakha.com

wallartdirect.co.uk *.wallartdirect.co.uk