76/100 SECURITY SCORE

Certificate Information

Subject
CN=back-glass.com
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
March 20, 2026
Valid Until
June 18, 2026 (35 days)
Public Key
RSA 4096 bit (Strong)
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
34:EC:21:89:36:32:E8:54:4C:B2:BA:FF:B5:F7:6C:40:49:C9:77:A7:6A:DD:95:7F:91:24:31:F2:B6:53:36:3A
Alternative Names

Security Configuration

TLS Protocols
TLS 1.2, TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
Content-Security-Policy-Report-Only
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding an 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains
brightstartcare.com *.brightstartcare.com *.charge.brightstartcare.com *.flow.brightstartcare.com *.hotels.brightstartcare.com *.hotfix.brightstartcare.com *.insight.brightstartcare.com *.mabs.brightstartcare.com *.superset.brightstartcare.com *.test.brightstartcare.com

Other domains in certificate
