SSL Certificate Analysis for theoven.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=spotny.io

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 03, 2026

Valid Until

May 04, 2026 83 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

4A:2C:C9:0D:C0:74:4A:F3:0F:65:6C:7B:0A:24:65:11:3D:AF:96:7B:C1:9C:49:39:52:46:D0:B7:73:E7:1E:E6

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

theoven.com *.theoven.com *.members.theoven.com *.secureaccess.theoven.com *.ww1.theoven.com *.ww17.theoven.com

Other domains in certificate

anneville.com *.anneville.com *.forums.anneville.com *.help.anneville.com *.ww1.anneville.com *.ww17.anneville.com *.www.anneville.com

bainton.com *.bainton.com *.sslvpn2.bainton.com

*.aws.bedandbreakfastmania.com bedandbreakfastmania.com *.bedandbreakfastmania.com *.blog.bedandbreakfastmania.com *.cpanel.bedandbreakfastmania.com *.desktopstudent.bedandbreakfastmania.com *.officevpn.bedandbreakfastmania.com *.online.bedandbreakfastmania.com *.remote.bedandbreakfastmania.com *.sslvpn3.bedandbreakfastmania.com

*.02.boatbooker.net *.45.boatbooker.net *.49.boatbooker.net *.81.boatbooker.net *.app.boatbooker.net *.bbuss.boatbooker.net boatbooker.net *.boatbooker.net *.help.boatbooker.net *.newsletter.boatbooker.net *.oegjhf.boatbooker.net *.puh.boatbooker.net *.web.boatbooker.net *.ww25.boatbooker.net

*.docs.dotdesign.studio dotdesign.studio *.dotdesign.studio

dumbkid.store *.dumbkid.store *.ww16.dumbkid.store

*.forum.geneticgenie.com geneticgenie.com *.geneticgenie.com *.iphone.geneticgenie.com *.jp.geneticgenie.com *.m.geneticgenie.com *.newsletter.geneticgenie.com *.prueba.geneticgenie.com *.radio.geneticgenie.com *.stage.geneticgenie.com *.stat.geneticgenie.com *.style.geneticgenie.com *.users.geneticgenie.com *.ww16.geneticgenie.com

hand-crafted.com *.hand-crafted.com *.marcus.hand-crafted.com *.news.hand-crafted.com *.rds1.hand-crafted.com *.testblog.hand-crafted.com *.tts.hand-crafted.com

*.client.hentaiforum.com hentaiforum.com *.hentaiforum.com *.smtpauth.hentaiforum.com

*.bankofscotland.insuresystems.co.uk *.ecoinsurance.insuresystems.co.uk insuresystems.co.uk *.insuresystems.co.uk *.lloydsbankcarinsurance.insuresystems.co.uk *.lloydsbankmotorinsurance.insuresystems.co.uk *.marksandspencer.insuresystems.co.uk *.postoffice.insuresystems.co.uk *.rac.insuresystems.co.uk *.store.insuresystems.co.uk

*.elite4dultrasonidos.ninjasdev.com *.ndhobbies.ninjasdev.com ninjasdev.com *.ninjasdev.com *.test.ninjasdev.com

*.my-friends.spotny.io spotny.io *.spotny.io