SSL Certificate Analysis for testing1.subhan.live - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=aware-deals.xyz

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 18, 2025

Valid Until

March 18, 2026 35 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

BC:8F:49:E0:DC:12:D5:F1:9D:17:04:74:33:50:B8:9B:B7:21:19:20:30:26:13:D0:42:7F:5F:02:28:F7:82:60

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

subhan.live *.subhan.live *.anam.subhan.live *.angular.subhan.live *.anzurantpharma.subhan.live *.burger.subhan.live *.com.subhan.live *.consult.subhan.live *.demo.subhan.live *.drupal.subhan.live *.exhaul.subhan.live *.frontity.subhan.live *.jun.subhan.live *.logistics.subhan.live *.moviristic.subhan.live *.portfolio.subhan.live *.shop.subhan.live *.store.subhan.live *.the-penne.subhan.live *.thereflectionstudio.subhan.live *.uae.subhan.live *.ui.subhan.live *.uk.subhan.live *.usa.subhan.live *.zeebaish.subhan.live

Other domains in certificate

amecafemantiqueira.com.br *.amecafemantiqueira.com.br *.ns2.amecafemantiqueira.com.br

aware-deals.xyz *.aware-deals.xyz *.ww25.aware-deals.xyz

brightorbit.xyz *.brightorbit.xyz *.ww25.brightorbit.xyz

bydry.com.br *.bydry.com.br *.ns1.bydry.com.br *.ns3.bydry.com.br *.shop.bydry.com.br

calcmaps.com.br *.calcmaps.com.br *.ns1.calcmaps.com.br *.ns2.calcmaps.com.br *.ns3.calcmaps.com.br

desafiod21.com.br *.desafiod21.com.br *.ns2.desafiod21.com.br *.ns3.desafiod21.com.br *.saude.desafiod21.com.br

directredirection.com *.directredirection.com *.ws.directredirection.com *.wss.directredirection.com

enteryourwebsiteurl.com *.enteryourwebsiteurl.com *.ww25.enteryourwebsiteurl.com

figmaparadesigners.com.br *.figmaparadesigners.com.br *.ns1.figmaparadesigners.com.br *.ns2.figmaparadesigners.com.br

hcgolfstore.com *.hcgolfstore.com

megamillionlottery.com *.megamillionlottery.com *.mx2.megamillionlottery.com *.mx3.megamillionlottery.com *.project.megamillionlottery.com *.seed.megamillionlottery.com *.services.megamillionlottery.com *.thor.megamillionlottery.com *.users.megamillionlottery.com *.webdesign.megamillionlottery.com

*.2aa7f9f3-3873-41f1-a129-08578906cbc9.smart-jaba.com *.admin.smart-jaba.com *.api.smart-jaba.com *.app.smart-jaba.com *.backend.smart-jaba.com *.dev.smart-jaba.com *.hostmaster.smart-jaba.com *.primary.smart-jaba.com *.sitemap.smart-jaba.com *.sitemaps.smart-jaba.com smart-jaba.com *.smart-jaba.com *.staging.smart-jaba.com *.wildcard.smart-jaba.com *.ww1.smart-jaba.com *.ww7.smart-jaba.com *.ww99.smart-jaba.com *.www.smart-jaba.com