SSL Certificate Analysis for werdal.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=zhdf.de

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 11, 2026

Valid Until

April 11, 2026 46 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

6D:11:B8:1A:3C:85:7E:E9:F2:CF:EE:58:E7:92:00:54:60:7C:42:21:60:3F:8D:DB:85:90:38:36:C0:7C:50:3A

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

werdal.com *.werdal.com *.china.werdal.com *.rustore.werdal.com *.test.werdal.com *.ww25.werdal.com *.ww38.werdal.com

Other domains in certificate

agritourism.life *.agritourism.life *.www.agritourism.life

artspass.com.au *.artspass.com.au *.autoconfig.artspass.com.au *.ww38.artspass.com.au

bento123.work *.bento123.work *.client.bento123.work *.connectvpn.bento123.work *.gateway.bento123.work *.login.bento123.work *.m.bento123.work *.mobile.bento123.work *.portal.bento123.work *.remoteaccess.bento123.work *.secureaccess.bento123.work *.sslvpn.bento123.work *.vpn2.bento123.work *.wap.bento123.work *.web.bento123.work *.webconnect.bento123.work *.webvpn.bento123.work *.www.bento123.work

cambridgenglish.org *.cambridgenglish.org *.candidate.cambridgenglish.org

*.666.gwc.com *.al.gwc.com *.cm.gwc.com gwc.com *.gwc.com

mctrade.ltd *.mctrade.ltd *.random.mctrade.ltd

msqco.com *.msqco.com *.random.msqco.com *.test.msqco.com

*.mail.peludim.com *.ns2.peludim.com peludim.com *.peludim.com

pulsecapital.io *.pulsecapital.io *.sitemap.pulsecapital.io

*.autodiscover.reincarnationofamartialprodigy.online reincarnationofamartialprodigy.online *.reincarnationofamartialprodigy.online

*.0.rgb342.top *.16.rgb342.top *.33.rgb342.top *.51.rgb342.top *.59.rgb342.top *.6.rgb342.top *.66.rgb342.top *.75.rgb342.top *.76.rgb342.top *.79.rgb342.top *.85.rgb342.top *.b70.rgb342.top *.g71.rgb342.top *.n26.rgb342.top *.p50.rgb342.top *.p74.rgb342.top rgb342.top *.rgb342.top *.s97.rgb342.top *.u3.rgb342.top

*.com.shajagoja.shop shajagoja.shop *.shajagoja.shop *.www.shajagoja.shop

spaceiq.co *.spaceiq.co *.www.spaceiq.co

*.es.thebestunow.com thebestunow.com *.thebestunow.com

zhdf.de *.zhdf.de