SSL Certificate Analysis for vinted.bio - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=shawty.io

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 13, 2026

Valid Until

August 11, 2026 76 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

24:24:07:A0:E6:32:15:4D:8A:7B:E7:0A:9C:2A:E6:AC:9C:F4:C0:50:39:B0:14:91:33:51:F6:0E:8A:29:4E:14

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

vinted.bio *.vinted.bio *.118.vinted.bio *.2.vinted.bio *.49.vinted.bio *.bio.vinted.bio *.libcat.vinted.bio *.ww38.vinted.bio

Other domains in certificate

atlasinsurance.co.uk *.atlasinsurance.co.uk *.blogadmin.atlasinsurance.co.uk *.ww38.atlasinsurance.co.uk

costcocareers.com *.costcocareers.com *.shop.costcocareers.com *.ww38.costcocareers.com

easypushbutton.com *.easypushbutton.com *.zs17ce.easypushbutton.com

fastandfuriousfootball.com *.fastandfuriousfootball.com *.ww.fastandfuriousfootball.com

*.32.kingmod.vip kingmod.vip *.kingmod.vip *.ww16.kingmod.vip

kkookm.click *.kkookm.click *.www1.kkookm.click

*.analytics.levacanzeinsardegna.it *.api.levacanzeinsardegna.it *.app.levacanzeinsardegna.it *.data.levacanzeinsardegna.it *.dev.levacanzeinsardegna.it *.hostmaster.levacanzeinsardegna.it *.intel.levacanzeinsardegna.it levacanzeinsardegna.it *.levacanzeinsardegna.it *.mail.levacanzeinsardegna.it *.owa.levacanzeinsardegna.it *.staging.levacanzeinsardegna.it *.superset.levacanzeinsardegna.it *.www.levacanzeinsardegna.it

*.32.luxhideout.com luxhideout.com *.luxhideout.com *.ww38.luxhideout.com *.www.luxhideout.com

*.external.mahashunya.org *.fc55e7ba-3efb-420d-bf5e-45ac2a633c26.mahashunya.org mahashunya.org *.mahashunya.org *.portal.mahashunya.org *.public.mahashunya.org *.share.mahashunya.org

*.a.ntmcv.bargains ntmcv.bargains *.ntmcv.bargains

*.app.nusantara4dnet.top nusantara4dnet.top *.nusantara4dnet.top *.sitemap.nusantara4dnet.top

*.32.prophase.bio prophase.bio *.prophase.bio

*.3.range.plus *.mad.range.plus range.plus *.range.plus

*.random.shawty.io shawty.io *.shawty.io *.www.shawty.io

thearchives.co *.thearchives.co *.www.thearchives.co

*.hostmaster.themobilecompany.it themobilecompany.it *.themobilecompany.it

*.ebay.videogamesuniversity.com *.rds.videogamesuniversity.com *.rdweb.videogamesuniversity.com videogamesuniversity.com *.videogamesuniversity.com

*.host.xepp.info *.random.xepp.info *.website.xepp.info *.ww38.xepp.info xepp.info *.xepp.info