SSL Certificate Analysis for thezb.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=deluxecoach.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

March 30, 2026

Valid Until

June 28, 2026 45 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

5D:46:A8:DA:11:BB:8E:1A:08:B2:4D:94:52:3F:DF:3E:AF:3C:8A:3B:03:F3:16:B3:26:CA:4F:9E:BC:DE:BE:54

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

thezb.com *.thezb.com *.new.thezb.com

Other domains in certificate

deluxecoach.com *.deluxecoach.com *.demo.deluxecoach.com

*.admin.eucalyn.shop *.app.eucalyn.shop *.bigboss.eucalyn.shop *.boss.eucalyn.shop *.dev.eucalyn.shop eucalyn.shop *.eucalyn.shop *.home.eucalyn.shop *.intranet.eucalyn.shop *.m.eucalyn.shop *.mail.eucalyn.shop *.mobile.eucalyn.shop *.portal.eucalyn.shop *.shop.eucalyn.shop *.store.eucalyn.shop *.wap.eucalyn.shop *.web.eucalyn.shop

f64761866.com *.f64761866.com

gmppass.co.uk *.gmppass.co.uk

keren.com.au *.keren.com.au *.random.keren.com.au *.ww25.keren.com.au

*.all.mark.support *.archive.mark.support *.auth.mark.support *.blog.mark.support *.demo.mark.support *.email.mark.support *.extranet.mark.support mark.support *.mark.support *.old.mark.support *.ww12-api.mark.support *.ww12.mark.support *.www.mark.support

*.crm.multiplecore.com *.lime.multiplecore.com multiplecore.com *.multiplecore.com *.sitemaps.multiplecore.com

*.mail.nordicbrosdesign.com nordicbrosdesign.com *.nordicbrosdesign.com *.ww16.nordicbrosdesign.com *.ww38.nordicbrosdesign.com

*.admin.rentascooter.it rentascooter.it *.rentascooter.it

*.rustore.rwatradingplatform.com rwatradingplatform.com *.rwatradingplatform.com

*.d.symphonia.xyz *.hostmaster.symphonia.xyz *.mail.symphonia.xyz *.mvn.symphonia.xyz *.ptr3508.symphonia.xyz *.ptr667.symphonia.xyz symphonia.xyz *.symphonia.xyz *.www.symphonia.xyz

*.a.tycspors.com *.app.tycspors.com *.cs.tycspors.com *.en.tycspors.com *.fr.tycspors.com *.hh.tycspors.com *.k4.tycspors.com tycspors.com *.tycspors.com *.varnish.tycspors.com *.www.tycspors.com *.www7b.tycspors.com

*.home.virus123.com *.intranet.virus123.com *.mail.virus123.com virus123.com *.virus123.com

*.02dd9ec6d6260f0aaee8901b57ac328b.xasptv250306.top *.252e52c3a4ef1fc3f805c99924998925.xasptv250306.top xasptv250306.top *.xasptv250306.top