SSL Certificate Analysis for 152.63.199.35.bc.googleusercontent.com - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for *.alpha.sufio.com, *.alpha.sufio.de, *.alpha.sufio.fr, *.beta.sufio.com, *.chi.sufio.com, *.delta.sufio.com, *.delta.sufio.de, *.delta.sufio.fr, *.epsilon.sufio.com, not for 152.63.199.35.bc.googleusercontent.com

Open Cached · just now

79/100 SECURITY SCORE

Certificate Information

Subject

CN=*.alpha.sufio.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

November 11, 2025

Valid Until

February 09, 2026 65 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

9D:B2:01:05:70:32:F9:03:6D:C5:76:44:48:6F:32:25:76:3A:8E:84:FE:FB:EF:08:6B:5D:B9:A4:18:F4:AD:7E

Alternative Names

91 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

91 domains

alpha.sufio.com *.alpha.sufio.com argocd.sufio.com beta.sufio.com *.beta.sufio.com chi.sufio.com *.chi.sufio.com delta.sufio.com *.delta.sufio.com epsilon.sufio.com *.epsilon.sufio.com eta.sufio.com *.eta.sufio.com gamma.sufio.com *.gamma.sufio.com iota.sufio.com *.iota.sufio.com kappa.sufio.com *.kappa.sufio.com lambda.sufio.com *.lambda.sufio.com mu.sufio.com *.mu.sufio.com nu.sufio.com *.nu.sufio.com omega.sufio.com *.omega.sufio.com omicron.sufio.com *.omicron.sufio.com phi.sufio.com *.phi.sufio.com pi.sufio.com *.pi.sufio.com prefect-alpha.sufio.com prefect-delta.sufio.com prefect-gamma.sufio.com prefect-iota.sufio.com prefect-kappa.sufio.com prefect-lambda.sufio.com prefect-omega.sufio.com prefect-sigma.sufio.com psi.sufio.com *.psi.sufio.com rho.sufio.com *.rho.sufio.com rook-test.sufio.com sigma.sufio.com *.sigma.sufio.com sourcegraph.sufio.com tau.sufio.com *.tau.sufio.com theta.sufio.com *.theta.sufio.com upsilon.sufio.com *.upsilon.sufio.com xi.sufio.com *.xi.sufio.com zeta.sufio.com *.zeta.sufio.com

alpha.sufio.de *.alpha.sufio.de delta.sufio.de *.delta.sufio.de gamma.sufio.de *.gamma.sufio.de iota.sufio.de *.iota.sufio.de kappa.sufio.de *.kappa.sufio.de lambda.sufio.de *.lambda.sufio.de omega.sufio.de *.omega.sufio.de sigma.sufio.de *.sigma.sufio.de

alpha.sufio.fr *.alpha.sufio.fr delta.sufio.fr *.delta.sufio.fr gamma.sufio.fr *.gamma.sufio.fr iota.sufio.fr *.iota.sufio.fr kappa.sufio.fr *.kappa.sufio.fr lambda.sufio.fr *.lambda.sufio.fr omega.sufio.fr *.omega.sufio.fr sigma.sufio.fr *.sigma.sufio.fr