SSL Certificate Analysis for admin.purgo.it - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=tropfen.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 21, 2026

Valid Until

August 19, 2026 53 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F0:15:7E:86:F9:97:96:9B:4F:02:88:99:F9:18:5B:FD:22:C2:C9:ED:A3:09:F6:BC:4A:94:C1:FA:DF:98:04:4D

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

purgo.it *.purgo.it *.admin.purgo.it *.app.purgo.it *.intelligence.purgo.it *.remote.purgo.it *.reports.purgo.it *.superset.purgo.it *.visual.purgo.it

Other domains in certificate

cssinorewards.com *.cssinorewards.com *.email.cssinorewards.com *.www.cssinorewards.com

culturetrip.it *.culturetrip.it *.remote.culturetrip.it

flixster.it *.flixster.it *.wildcard.flixster.it *.ww16.flixster.it

*.hostmaster.intelligences.it intelligences.it *.intelligences.it *.mail.intelligences.it *.remote.intelligences.it *.webmail.intelligences.it

*.4bb1cdc3-8e4f-4088-88c1-05fd9fcdf9dc.kinnav.art *.5e94e4ec-8d54-42fd-8a91-8ae91b60574b.kinnav.art *.987ceb80-6374-490d-9411-0b2ce566819c.kinnav.art *.admin.kinnav.art *.api.kinnav.art *.app.kinnav.art *.assets.kinnav.art *.c9d06306-6280-4ddd-bec6-60caeb087667.kinnav.art *.dashboard.kinnav.art *.demo.kinnav.art *.dev.kinnav.art kinnav.art *.kinnav.art *.staging.kinnav.art *.test.kinnav.art *.www.kinnav.art

macyspayment.com *.macyspayment.com *.ns1.macyspayment.com *.users.macyspayment.com *.ww25.macyspayment.com

*.8pd8pi.msjunkfood.com msjunkfood.com *.msjunkfood.com *.www.msjunkfood.com

*.ftp.napstar.co.uk napstar.co.uk *.napstar.co.uk *.ns.napstar.co.uk

*.com.searchpeoplefree.co *.random.searchpeoplefree.co searchpeoplefree.co *.searchpeoplefree.co *.ww25.searchpeoplefree.co *.ww38.searchpeoplefree.co

*.hostmaster.smartfuture.it *.mx.smartfuture.it smartfuture.it *.smartfuture.it *.www.smartfuture.it

sophiesbeautybar.com *.sophiesbeautybar.com

suriyebayramizni.com *.suriyebayramizni.com

tropfen.com *.tropfen.com *.www.tropfen.com

*.bbs.verde-oro.com *.dashs.verde-oro.com *.intel.verde-oro.com *.intelligence.verde-oro.com *.reporting.verde-oro.com *.research.verde-oro.com verde-oro.com *.verde-oro.com

waxdepot.com *.waxdepot.com

*.random.womensjewellery.com.au womensjewellery.com.au *.womensjewellery.com.au

*.m.zkmls.com *.www.zkmls.com zkmls.com *.zkmls.com