SSL Certificate Analysis for api.pnwpot.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=barge.au

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 19, 2026

Valid Until

August 17, 2026 75 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

47:4A:59:8C:F5:AD:A7:D4:94:73:D9:49:03:A5:8F:8F:C6:89:99:4A:FF:CB:63:72:B5:1F:D2:50:80:E4:BA:25

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

pnwpot.com *.pnwpot.com *.1039c44a-9bd4-46e1-babe-5b21801a1dfc.pnwpot.com *.api.pnwpot.com *.app.pnwpot.com *.argo.pnwpot.com *.backend.pnwpot.com *.bbs.pnwpot.com *.bdb2276e-0796-4821-b810-0c1b45638e76.pnwpot.com *.bi.pnwpot.com *.blog.pnwpot.com *.dashboards.pnwpot.com *.dev.pnwpot.com *.development.pnwpot.com *.e693e66c-10bb-4434-9e04-1fd3a88bf031.pnwpot.com *.forums.pnwpot.com *.intelligence.pnwpot.com *.intranet.pnwpot.com *.m.pnwpot.com *.metrics.pnwpot.com *.mta-sts.pnwpot.com *.orkflow.pnwpot.com *.otc.pnwpot.com *.portal.pnwpot.com *.remote.pnwpot.com *.shop.pnwpot.com *.sitemap.pnwpot.com *.sitemaps.pnwpot.com *.staging.pnwpot.com *.stats.pnwpot.com *.store.pnwpot.com *.superset.pnwpot.com *.vpn.pnwpot.com *.workflow.pnwpot.com *.www.pnwpot.com *.xckkfm.pnwpot.com

Other domains in certificate

amritanjali.com *.amritanjali.com *.mycloud.amritanjali.com *.office2.amritanjali.com *.rdweb.amritanjali.com *.security.amritanjali.com *.start.amritanjali.com *.terminal2.amritanjali.com

angelsloan.com *.angelsloan.com *.ebay.angelsloan.com

barge.au *.barge.au

bemoko.com *.bemoko.com *.blog.bemoko.com *.development.bemoko.com *.host.bemoko.com *.imap.bemoko.com *.m.bemoko.com *.mail02.bemoko.com *.mailbox.bemoko.com *.smtpmail.bemoko.com *.spam.bemoko.com *.ww38.bemoko.com

constructed.au *.constructed.au *.wildcard.constructed.au *.ww25.constructed.au *.ww84.constructed.au

*.analytic.maisonjomere.com *.gp.maisonjomere.com maisonjomere.com *.maisonjomere.com *.poc.maisonjomere.com *.vpn2.maisonjomere.com *.ww25.maisonjomere.com

*.co.newlikud.org newlikud.org *.newlikud.org

*.analytics.powergain.it *.analyze.powergain.it *.api.powergain.it *.app.powergain.it *.hotfix.powergain.it *.mx.powergain.it *.notexistsbackend.powergain.it powergain.it *.powergain.it

thedeadpixelofmyeye.com *.thedeadpixelofmyeye.com *.ww38.thedeadpixelofmyeye.com