SSL Certificate Analysis for web.serve.services - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=grape-on-stellar.art

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 19, 2026

Valid Until

May 20, 2026 86 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

B7:42:95:04:C9:2E:BC:FF:2B:2A:5C:2B:D9:28:11:14:2A:7A:C5:AF:0C:37:F0:E1:AF:2C:A6:72:07:E6:91:19

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

serve.services *.serve.services *.hostmaster.serve.services *.m.serve.services *.news.serve.services *.supabase.serve.services *.web.serve.services *.ww38.serve.services

Other domains in certificate

1stoppoker.com *.1stoppoker.com *.www.1stoppoker.com

alm20amp.xyz *.alm20amp.xyz *.www.alm20amp.xyz

bk-virus.de *.bk-virus.de

copate.com *.copate.com *.d6037d44-fee3-4533-89dd-964bb3d81762.copate.com *.m.copate.com *.ww25.copate.com *.ww38.copate.com *.www.copate.com

gilchristoames.com *.gilchristoames.com

*.epwrxhis.grape-on-stellar.art grape-on-stellar.art *.grape-on-stellar.art

*.admin.hafuz.com *.beta.hafuz.com *.demo.hafuz.com hafuz.com *.hafuz.com *.ww17.hafuz.com

interests.com.au *.interests.com.au *.ww25.interests.com.au

*.demo.numb.cc numb.cc *.numb.cc *.sgp.numb.cc

*.dashboard.onphone.it *.demo.onphone.it *.dev.onphone.it onphone.it *.onphone.it

*.autodiscover.phonelocator.online phonelocator.online *.phonelocator.online

*.admin.ramalanhoki.my *.api.ramalanhoki.my *.app.ramalanhoki.my *.bc9a4583-5663-4b5b-8ae8-bcb7d102451e.ramalanhoki.my *.demo.ramalanhoki.my *.hostmaster.ramalanhoki.my ramalanhoki.my *.ramalanhoki.my *.test.ramalanhoki.my *.www.ramalanhoki.my

*.forecast.sambuci.com *.redash.sambuci.com *.reporting.sambuci.com *.research.sambuci.com sambuci.com *.sambuci.com

*.m.sportsmilk.com sportsmilk.com *.sportsmilk.com *.ww11.sportsmilk.com *.ww25.sportsmilk.com

tehnical.pro *.tehnical.pro *.walters.tehnical.pro *.waltersweb.tehnical.pro *.ww38.tehnical.pro

thecommunicator.com *.thecommunicator.com *.vpn.thecommunicator.com *.ww25.thecommunicator.com

waaalmart.com *.waaalmart.com *.ww38.waaalmart.com

*.comwww.weltico.com *.curry-harvey-call.weltico.com *.mail.weltico.com weltico.com *.weltico.com

westbram.com *.westbram.com