SSL Certificate Analysis for vernand.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=vernand.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 01, 2026

Valid Until

May 02, 2026 71 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

DA:E1:D0:6D:DB:7E:66:C2:65:D7:3A:44:24:79:4E:09:E5:D4:1C:24:76:87:05:2B:C8:D6:B3:1F:92:E9:8E:42

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

vernand.com *.vernand.com *.apps.vernand.com

Other domains in certificate

536xhm.top *.536xhm.top *.iymiswhj.536xhm.top

588p.xyz *.588p.xyz *.aowpq.588p.xyz *.kwid9.588p.xyz

bobfrisuren.com *.bobfrisuren.com *.help.bobfrisuren.com *.ww11.bobfrisuren.com *.ww38.bobfrisuren.com

*.autodiscover.onecdz.net onecdz.net *.onecdz.net *.webdisk.onecdz.net *.www.onecdz.net

pornost.co *.pornost.co

projecthw3.com *.projecthw3.com

quangvinh.info *.quangvinh.info

rechargexl.com *.rechargexl.com

sabeelclean.com *.sabeelclean.com

sahajeshiksha.in *.sahajeshiksha.in

schulranzen-nuernberg.com *.schulranzen-nuernberg.com

shea-agronigltd.com *.shea-agronigltd.com

shopeeday.com *.shopeeday.com

ssiran.org *.ssiran.org

struik-coaching.nl *.struik-coaching.nl

studioholdings.com *.studioholdings.com

suzhouba.com *.suzhouba.com

systechlab.llc *.systechlab.llc

tableau-decoratif.com *.tableau-decoratif.com

tkyywz2.com *.tkyywz2.com

txfundsrecovery.com *.txfundsrecovery.com

usbing.net *.usbing.net

uztravel.cc *.uztravel.cc

veemy.gdn *.veemy.gdn

verabrouns.nl *.verabrouns.nl

victoriasbridalcouture.com *.victoriasbridalcouture.com

vipmm.vip *.vipmm.vip

vlhsi.pro *.vlhsi.pro

warif.pro *.warif.pro

webforall.org *.webforall.org

whqgi.pro *.whqgi.pro

winraz.com *.winraz.com

wwwhu11.cc *.wwwhu11.cc

xn--mgbm3eua.chat *.xn--mgbm3eua.chat

xn--vrn-ioa.com *.xn--vrn-ioa.com

xqakm.pro *.xqakm.pro

xxxnude.tech *.xxxnude.tech

ynrongyanggg.com *.ynrongyanggg.com