SSL Certificate Analysis for 1800idea.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=cosmo789.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 07, 2026

Valid Until

May 08, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

21:4E:DB:8D:8F:13:78:80:FC:62:58:51:4D:E2:59:BD:82:9F:A1:51:BF:75:1F:EE:A6:D1:6E:D5:C0:67:EC:6E

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

1800idea.com *.1800idea.com *.api.1800idea.com *.beta.1800idea.com *.dev.1800idea.com *.mail.1800idea.com *.test.1800idea.com *.ww17.1800idea.com *.www.1800idea.com

Other domains in certificate

4roblox.com *.4roblox.com *.hostmaster.4roblox.com *.random.4roblox.com *.ww25.4roblox.com *.ww38.4roblox.com

akello.com *.akello.com *.blog.akello.com *.demo.akello.com *.dev.akello.com *.jmc.akello.com *.library.akello.com *.mail.akello.com *.portal.akello.com *.remote.akello.com *.remote2.akello.com *.sitemap.akello.com *.smartlearning.akello.com *.ssl.akello.com *.sslvpn.akello.com *.sslvpn2.akello.com *.sslvpn3.akello.com *.vpn.akello.com *.vpn2.akello.com *.vpn3.akello.com *.webmail.akello.com *.wp.akello.com *.ww16.akello.com *.ww38.akello.com

blissbear.net *.blissbear.net *.dev.blissbear.net *.notexistsdemo.blissbear.net *.redhat.blissbear.net *.reporting.blissbear.net *.reports.blissbear.net

cosmo789.com *.cosmo789.com *.ww25.cosmo789.com

*.backend.fowler.it fowler.it *.fowler.it

*.connectvpn.kevlin.com *.gateway.kevlin.com kevlin.com *.kevlin.com *.mobile.kevlin.com *.office.kevlin.com *.portal.kevlin.com *.secureaccess.kevlin.com *.ssl.kevlin.com *.vpn.kevlin.com *.vpn2.kevlin.com *.web.kevlin.com *.webvpn.kevlin.com *.ww16.kevlin.com *.ww17.kevlin.com

*.app.manhattanspiritualsomatictherapy.com *.assets.manhattanspiritualsomatictherapy.com *.dashboard.manhattanspiritualsomatictherapy.com manhattanspiritualsomatictherapy.com *.manhattanspiritualsomatictherapy.com *.rds.manhattanspiritualsomatictherapy.com *.remote.manhattanspiritualsomatictherapy.com

*.3d57d7c2-c614-4f2d-8982-e84639f2a183.pagarag.com *.cpanel.pagarag.com *.ftp.pagarag.com pagarag.com *.pagarag.com *.smtp.pagarag.com *.webdisk.pagarag.com *.webmail.pagarag.com

pelangitoto.bio *.pelangitoto.bio

thegiveaway.co *.thegiveaway.co

*.autodiscover.theonenail.com.au theonenail.com.au *.theonenail.com.au *.ww38.theonenail.com.au