SSL Certificate Analysis for www.thenestology.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=maxloh.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

November 27, 2025

Valid Until

February 25, 2026 83 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

71:88:32:6A:40:28:0A:1F:76:BD:BD:4C:58:F5:B6:5B:1F:EE:9B:40:06:55:8C:6B:F6:67:04:D0:65:EE:52:2D

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

www.thenestology.com

Other domains in certificate

adiop.com

afdzal.dev

news.agilecats.xyz

aliens.lk

www.almdata.com

www.anonymous-videochat.com

atanasov-it.de

boxers.deeplinks.bfansports.com

bittheory.io

cinchconsult.com

cocoscamellias.com

www.codeanddesignllc.com

www.cryptoburbs.com

ctaealumnisociety.org

danielle-voyance.fr

delta3a.com

vr.disign.tv

auth.dms-nr5.com

editshub.co

expansiverse.com

www.extraspell.com

fairviewfellowshiphome.com

auth.finturtle.com

demo-app.fix4.com

flowcubostudio.com

fourfourclue.com

dev.frieppy.com

www.fxcatalyst.in

www.gigabytetech.us

app-dev.global66.com

www.hellomustache.com

www.hoewerktmijnlichaam.nl

iterabeat.com

s.joker.li

judithmacdonald-lawson.co.uk

kactudetallesyaccesoriosec.com

dashboard.karnott.fr

www.keyscalefinder.com

ladoleste.com.br

lamadroid.com

letheredu.de

beta.lfgames.net

livetipper.com

cn.marsstone.net

maxloh.com

admin.mereka.dev

mevida.no

mfmc.link

mooncr.com

www.mz-bazaar.com

nagao-inc.net

nlcorporation.in

trash-kitchen.nukumo.link

orangesnow.ng

ottovandepol.nl

pastificiodelprete.com

pearsonprojects.com

penpass.net

triple.pensioeninzichtonline.nl

000-pixelplex-io-uat.pixelplexlabs.com

go.planilink.com

app.planreach.com

pmrcedifice.com

dashboard.pollenpatrollers.com

vendor-dev10.qlub.cloud

admin.residentex.com

staging.s-learning.co.uk

saanaas.com

www.sayhelp.com

panel.scale-up2025.com

scholarize.io

simplezakat.com

fb-dev.soundbranch.com

sp-finance.nl

splitsdata.com

livelegends.sqiffer.com

app.storebuddy.dk

stumblingswingout.com

tatkaarbeats.com

tedbyproxy.com

themove.vip

thesilverbackway.com

tiklamasyon.com

tjexp.co

tweetyai.com

twolast.com

usapatriottoken.com

www.verbruikskosten.nl

virtueware.com

visheshdev.in

vividmindsoft.com

vlpartneri.cz

voidnico.com

meta.volumio.org

whiskypick.com

www.wilmeltech.com

www.wingyuchan.com

xcodingdev.com