SSL Certificate Analysis for yqzh.cloud - Security Grade & TLS Configuration

Open Cached · just now

87/100 SECURITY SCORE

Certificate Information

Subject

CN=kadakgardenhotel.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 28, 2026

Valid Until

April 28, 2026 78 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

72:40:64:DC:AA:48:2B:8C:5D:99:1A:A5:EF:69:84:11:1D:D4:8B:29:DD:35:F3:6E:2F:F1:74:E2:AA:51:39:95

Alternative Names

83 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Content-Security-Policy header to prevent XSS attacks
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

83 domains

yqzh.cloud *.yqzh.cloud *.dev.yqzh.cloud *.gitlab.yqzh.cloud *.k12.yqzh.cloud

Other domains in certificate

65bet999.bet *.65bet999.bet

advanceddeliveryservices.co.uk *.advanceddeliveryservices.co.uk *.mail.advanceddeliveryservices.co.uk *.www.advanceddeliveryservices.co.uk

bigtits.fun *.bigtits.fun *.hostmaster.bigtits.fun

colegiodefarmaceuticos.com *.colegiodefarmaceuticos.com *.sandbox.colegiodefarmaceuticos.com

consumecannibis.com *.consumecannibis.com *.ww25.consumecannibis.com *.ww38.consumecannibis.com

*.dan.dry.mx dry.mx *.dry.mx *.purepejalisco.dry.mx *.random.dry.mx

hmambk.top *.hmambk.top *.m.hmambk.top

kadakgardenhotel.com *.kadakgardenhotel.com *.mail.kadakgardenhotel.com *.mail3.kadakgardenhotel.com *.mymail.kadakgardenhotel.com *.remote.kadakgardenhotel.com

*.hostmaster.myheathspring.com myheathspring.com *.myheathspring.com

*.act.represents.us *.arthur.represents.us *.hhtps.represents.us represents.us *.represents.us

*.2194l.squid88-888.cfd *.ayfpk.squid88-888.cfd *.cxie3.squid88-888.cfd *.hrka1.squid88-888.cfd *.ip4i2.squid88-888.cfd *.m.squid88-888.cfd *.q2s8t.squid88-888.cfd *.qakt3.squid88-888.cfd squid88-888.cfd *.squid88-888.cfd *.zl1z8.squid88-888.cfd

*.6441056b613c32a9.teamspace.com.au *.contour.teamspace.com.au *.dcs8deportes.teamspace.com.au *.gromit.teamspace.com.au teamspace.com.au *.teamspace.com.au

*.268365c40a628d8909cc811bf9b91050.tescorewards.com *.admin.tescorewards.com *.gitlab.tescorewards.com *.sitemap.tescorewards.com tescorewards.com *.tescorewards.com

*.analytics.vivintt.com *.backend.vivintt.com *.blog.vivintt.com *.dash.vivintt.com *.dev.vivintt.com *.hostmaster.vivintt.com *.redash.vivintt.com *.staging.vivintt.com *.superset-ci.vivintt.com *.superset.vivintt.com vivintt.com *.vivintt.com *.workflow.vivintt.com

wespop.com.br *.wespop.com.br *.ww16.wespop.com.br *.ww38.wespop.com.br