SSL Certificate Analysis for westhost.com - Security Grade & TLS Configuration

Open Cached · just now

87/100 SECURITY SCORE

Certificate Information

Subject

CN=uk2.net

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

November 03, 2025

Valid Until

February 01, 2026 70 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D1:24:92:BD:4F:F8:40:B9:EA:CB:F4:6D:4D:5C:0F:F0:D4:6C:51:99:FD:19:E2:1B:82:69:33:C0:5E:E3:41:B6

Alternative Names

21 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=300

Content-Security-Policy

Basic

script-src; img-src; style-src; +8 more

script-src www.google.co.uk 'self' 'unsafe-inline' 'unsafe-eval' mw-uk2-uat.thehut.net mw.thghosting.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com *.dwin1.com *.addtoany.com *.bing.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.pingdom.net *.trustpilot.com *.jquery.com ajax.googleapis.com platform.twitter.com *.adroll.com *.google.com *.facebook.net *.steelhousemedia.com *.qualtrics.com www.googleadservices.com *.uk2group.com maxcdn.bootstrapcdn.com privacy-policy.truste.com www.gstatic.com *.visualwebsiteoptimizer.com www.googletagmanager.com www.google-analytics.com app.yieldify.com *.westhost.com t.trackedlink.net d33wq5gej88ld6.cloudfront.net s.adroll.com tracking.websitealive.com *.hcaptcha.com https://www.googletagmanager.com; img-src data: 'self' *.thgingenuity.com img.zohostatic.eu match.adsrvr.org *.gstatic.com *.uk2group.com *.bing.com *.gravatar.com *.pingdom.net *.uk2.net p.adsymptotic.com s.w.org csi.gstatic.com cj.dotomi.com widget.trustpilot.com www.privacytrust.com insight.adsrvr.org *.adroll.com *.adnxs.com *.yahoo.com *.facebook.com *.doubleclick.net *.bidswitch.net *.rlcdn.com *.twitter.com *.openx.net googleads.g.doubleclick.net *.googleadservices.com cdsusa.veinteractive.com shareasale.com www.emjcd.com *.westhost.com *.midphase.com privacy-policy.truste.com secure.etrust.org 55b558c7-resources.bk-partnersasia.com ib.adnxs.com *.visualwebsiteoptimizer.com www.google-analytics.com stats.g.doubleclick.net www.google.co.uk www.google.com https://script.hotjar.com http://script.hotjar.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.westhost.com *.google.com *.googleapis.com dwmvwp56lzq5t.cloudfront.net *.pingdom.net *.bootstrapcdn.com *.visualwebsiteoptimizer.com; frame-src 'self' *.hcaptcha.com *.westhost.com cdn.forms-content.sg-form.com www.google.co.uk www.google.com plus.google.com apis.google.com accounts.google.com platform.twitter.com staticxx.facebook.com www.facebook.com https://vars.hotjar.com widget.trustpilot.com https://www.googletagmanager.com; connect-src 'self' *.hcaptcha.com *.google-analytics.com *.sentry.io mw-uk2-uat.thehut.net mw.thghosting.com livechat.uk2group.com *.pingdom.net http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.twitter.com dev.visualwebsiteoptimizer.com geo.yieldify.com *.westhost.com widget.trustpilot.com bat.bing.com https://facebook.com/tr/ https://www.google.com/ccm/ https://www.googletagmanager.com; font-src data: 'self' http://script.hotjar.com https://script.hotjar.com *.westhost.com *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.visualwebsiteoptimizer.com stats.g.doubleclick.net; default-src 'self' *.westhost.com; object-src 'self' *.westhost.com *.visualwebsiteoptimizer.com; child-src *.westhost.com *.uk2group.com *.hotjar.com *.twitter.com *.addtoany.com googleads.g.doubleclick.net platform.twitter.com apis.google.com www.facebook.com staticxx.facebook.com accounts.google.com afftrk.biz www.googleadservices.com tracking.opienetwork.com youtu.be www.youtube.com *.visualwebsiteoptimizer.com www.google.com; media-src data: 'self' *.westhost.com; frame-ancestors 'self';

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

21 domains

westhost.com blog-uat.westhost.com blog.westhost.com uat.westhost.com www.westhost.com

Other domains in certificate

blog-uat.100tb.com blog.100tb.com

blog-uat.midphase.com blog.midphase.com midphase.com uat.midphase.com www.midphase.com

blog.thghosting.com

blog-uat.uk2.net blog.uk2.net uat.uk2.net uk2.net wpadmin.uat.uk2.net wpadmin.uk2.net www.uk2.net

blog.vps.net