SSL Certificate Analysis for admin.alloff.it - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=bnskin.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

April 28, 2026

Valid Until

July 27, 2026 71 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

54:08:27:12:F4:26:4D:75:D4:83:4A:A4:F4:65:B3:34:E3:DE:F7:05:E9:EC:34:7F:58:D9:20:71:9A:18:69:64

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

alloff.it *.alloff.it *.admin.alloff.it *.app.alloff.it *.backend.alloff.it *.bi.alloff.it *.owa.alloff.it *.shop.alloff.it

Other domains in certificate

banktulsa.com *.banktulsa.com *.myonlineservices.banktulsa.com *.www.banktulsa.com

bnskin.com *.bnskin.com *.pix.bnskin.com *.sitemap.bnskin.com

*.api.dentopia.online dentopia.online *.dentopia.online

filmstreamingvk.co *.filmstreamingvk.co

grouphealthtrustedcoverage.com *.grouphealthtrustedcoverage.com

*.accoutra.haldigroupltd.com *.crm1.haldigroupltd.com *.crmrwanda.haldigroupltd.com *.eshop.haldigroupltd.com haldigroupltd.com *.haldigroupltd.com *.hr1.haldigroupltd.com *.hrm2.haldigroupltd.com *.mkg.haldigroupltd.com *.officegroup.haldigroupltd.com

jackfrost.com *.jackfrost.com *.mrsherman.jackfrost.com *.webdisk.jackfrost.com *.www.jackfrost.com

*.hostmaster.latin.finance latin.finance *.latin.finance

*.ak.lexmls.com *.armls.lexmls.com *.hostmaster.lexmls.com lexmls.com *.lexmls.com *.mx7.lexmls.com *.ww38.lexmls.com *.www.lexmls.com

*.api.marketingplus.it *.dash.marketingplus.it *.dashs.marketingplus.it *.demo.marketingplus.it *.hostmaster.marketingplus.it *.landed.marketingplus.it marketingplus.it *.marketingplus.it *.owa.marketingplus.it *.reporting.marketingplus.it *.staging.marketingplus.it *.www.marketingplus.it

motorcycledekho.com *.motorcycledekho.com *.usa.motorcycledekho.com *.ww25.motorcycledekho.com *.www.motorcycledekho.com

newerhouses.de *.newerhouses.de

njtowingservices.com *.njtowingservices.com

nuimageweightlossandwellness.com *.nuimageweightlossandwellness.com

nurishfresheats.com *.nurishfresheats.com

*.lol.siamwebhosting.com siamwebhosting.com *.siamwebhosting.com

*.inst.workflowgptautomate.com workflowgptautomate.com *.workflowgptautomate.com

*.666.youtube666.com *.bi.youtube666.com *.ci.youtube666.com *.flow.youtube666.com *.flowise.youtube666.com *.m.youtube666.com *.superset.youtube666.com *.ww41.youtube666.com youtube666.com *.youtube666.com