SSL Certificate Analysis for api.abuhamad.com - Security Grade & TLS Configuration

Certificate Information

Subject

CN=hautejobs.co.uk

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 07, 2026

Valid Until

May 08, 2026 88 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

B6:D5:E1:B1:7E:5E:9B:DF:90:B8:26:81:A8:F2:E3:C6:CB:13:C5:63:99:75:CD:BE:E8:2A:89:F8:FA:AF:A2:71

Alternative Names

80 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

80 domains

abuhamad.com *.abuhamad.com *.admin.abuhamad.com *.api.abuhamad.com *.hostmaster.abuhamad.com *.m.abuhamad.com *.staging.abuhamad.com *.ww11.abuhamad.com *.ww16.abuhamad.com *.ww5.abuhamad.com *.www.abuhamad.com

Other domains in certificate

*.bill.dahmeplumbing.com *.bredband.dahmeplumbing.com dahmeplumbing.com *.dahmeplumbing.com *.mail.dahmeplumbing.com *.ww25.dahmeplumbing.com

*.cpanel.gioacchino.net gioacchino.net *.gioacchino.net

hautejobs.co.uk *.hautejobs.co.uk

*.7j.imagen.com *.andreinaflores.imagen.com *.anime.imagen.com *.bison.imagen.com *.casinobellavista.imagen.com *.costabajaresort.imagen.com *.crane.imagen.com *.create.imagen.com *.cuevapintada.imagen.com *.dingo.imagen.com *.editorial.imagen.com *.eivis-mendoza-imagen.imagen.com *.emiliana.imagen.com *.emn.imagen.com *.event.imagen.com *.example.imagen.com *.ffffffffffff.imagen.com *.gatekeeper.imagen.com *.google.imagen.com *.hawk.imagen.com imagen.com *.imagen.com *.la.imagen.com *.login.imagen.com *.mantaray.imagen.com *.mi.imagen.com *.moira.imagen.com *.mx.imagen.com *.omarenciso.imagen.com *.primera.imagen.com *.pro.imagen.com *.reciclaje.imagen.com *.ros.imagen.com *.sales.imagen.com *.sg.imagen.com *.shark.imagen.com *.sun470.imagen.com *.tasarteya.imagen.com *.tu.imagen.com *.webmail.imagen.com *.ww16.imagen.com *.ww25.imagen.com *.www.imagen.com *.xxx.imagen.com

msfirebridge.com *.msfirebridge.com *.www.msfirebridge.com

spectech.online *.spectech.online *.ww25.spectech.online *.ww38.spectech.online

sprouter.co *.sprouter.co *.www.sprouter.co

*.app.thai99.io *.test.thai99.io thai99.io *.thai99.io