SSL Certificate Analysis for tsslabs.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=waxtracker.io

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

April 08, 2026

Valid Until

July 07, 2026 59 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

CA:51:23:76:6F:06:9E:49:BE:B5:EC:EA:89:4C:5D:BA:A2:B7:E5:A3:CD:00:91:17:D5:5E:86:34:F1:66:D8:F8

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

tsslabs.com *.tsslabs.com *.stake.tsslabs.com

Other domains in certificate

90degreesbyreflex.com *.90degreesbyreflex.com *.random.90degreesbyreflex.com

archwellapply.info *.archwellapply.info *.usaform.archwellapply.info

asiasport.net *.asiasport.net *.com.asiasport.net

chachatv54.pro *.chachatv54.pro

chepenergy24.de *.chepenergy24.de *.random.chepenergy24.de

*.au.consultingsolutions.com.au consultingsolutions.com.au *.consultingsolutions.com.au *.consultingsolutions.consultingsolutions.com.au *.globalsurfnskate.consultingsolutions.com.au *.sustainableinsights.consultingsolutions.com.au

cruse.life *.cruse.life

diamondrings365047.life *.diamondrings365047.life

famrers.com *.famrers.com *.ww25.famrers.com

*.azure2.firstoptionmedical.com firstoptionmedical.com *.firstoptionmedical.com *.mail.firstoptionmedical.com *.ww38.firstoptionmedical.com *.www.firstoptionmedical.com

getreidesorten.de *.getreidesorten.de

*.20xlcz.hpkensaku.com *.4wmql2xi.hpkensaku.com *.cp3iiwe2p.hpkensaku.com hpkensaku.com *.hpkensaku.com *.lyfnd.hpkensaku.com *.r18fa1e.hpkensaku.com *.t4i6thvb.hpkensaku.com *.t8nuli.hpkensaku.com *.uidhxr.hpkensaku.com *.unj6qmnsv.hpkensaku.com *.up9yetz0.hpkensaku.com

javset.com *.javset.com *.ww25.javset.com

kgla.bet *.kgla.bet

*.comwww.moviesae.cc moviesae.cc *.moviesae.cc *.site.moviesae.cc *.top.moviesae.cc

*.euro.nljobnavi.com *.exp.nljobnavi.com *.lp.nljobnavi.com nljobnavi.com *.nljobnavi.com *.www.nljobnavi.com

notionflow.co *.notionflow.co *.ww25.notionflow.co

*.annti.ragging.com ragging.com *.ragging.com *.ww42.ragging.com *.yxd.ragging.com

t1v8mg.xyz *.t1v8mg.xyz *.ww25.t1v8mg.xyz

*.random.ua9a.xyz ua9a.xyz *.ua9a.xyz *.ww38.ua9a.xyz

*.admin.wal.com.pl *.airflow.wal.com.pl *.hostmaster.wal.com.pl wal.com.pl *.wal.com.pl *.www.wal.com.pl

waxtracker.io *.waxtracker.io