SSL Certificate Analysis for test.rosea.live - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=hmseason.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 05, 2026

Valid Until

August 03, 2026 64 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

CB:92:FD:A2:B3:24:09:15:D8:F2:44:72:C4:5E:47:92:18:53:7E:95:FD:11:0D:6C:F6:C8:AB:D1:16:A2:A9:28

Alternative Names

84 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

84 domains

rosea.live *.rosea.live *.hotfix.rosea.live *.mail.rosea.live *.test.rosea.live

Other domains in certificate

2klik66.xyz *.2klik66.xyz *.a.2klik66.xyz *.h.2klik66.xyz *.ww25.2klik66.xyz

5491.au *.5491.au

ammoncherryhill.com *.ammoncherryhill.com *.members.ammoncherryhill.com *.ww25.ammoncherryhill.com

bma01.xyz *.bma01.xyz *.ww25.bma01.xyz *.ww38.bma01.xyz

businessforsaletownsville.com.au *.businessforsaletownsville.com.au

fabsingers.com *.fabsingers.com *.galeria.fabsingers.com *.jobs.fabsingers.com *.prod.fabsingers.com *.store.fabsingers.com *.ww.fabsingers.com *.ww25.fabsingers.com

hmseason.com *.hmseason.com

hqporndr.com *.hqporndr.com *.m.hqporndr.com *.ww25.hqporndr.com

*.1.indeel.com *.be.indeel.com *.cl.indeel.com indeel.com *.indeel.com *.labs.indeel.com *.random.indeel.com *.ww31.indeel.com

jamikal.xyz *.jamikal.xyz *.ww38.jamikal.xyz

*.bct14.kku.bio *.ilearn.kku.bio kku.bio *.kku.bio

kraftroyal.eu *.kraftroyal.eu *.mx.kraftroyal.eu

lincolntowersbeta.com *.lincolntowersbeta.com *.ww38.lincolntowersbeta.com

market-ea.pro *.market-ea.pro *.webmail.market-ea.pro *.ww25.market-ea.pro

*.abdomax.purchaselink.click purchaselink.click *.purchaselink.click *.thecortexi.purchaselink.click *.ww38.purchaselink.click

*.autodiscover.techmaf.com *.sitemap.techmaf.com techmaf.com *.techmaf.com

*.free-ipod-tattoos.termslist.com *.godmode.termslist.com *.oyarzunandvanesa-fotos.termslist.com *.sibelcikcom.termslist.com termslist.com *.termslist.com *.vladmodels-photosfree.termslist.com *.wrlgonewild-com.termslist.com

ventemaison.com *.ventemaison.com

*.006a24ee-b320-437b-9043-949437368e56.wallflower.studio *.32.wallflower.studio wallflower.studio *.wallflower.studio