Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=orra.it
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
April 05, 2026
Valid Until
July 04, 2026
68 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
57:91:D4:E6:1E:8A:5E:C3:9C:BE:CE:54:8C:5D:C1:92:50:BF:E8:F3:22:A8:94:7E:EB:D1:20:0B:09:6C:DC:D8
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
idealis.it
*.idealis.it
*.admin.idealis.it
*.app.idealis.it
*.dev.idealis.it
*.ns1.idealis.it
*.ns3.idealis.it
*.redash.idealis.it
*.staging.idealis.it
*.superset.idealis.it
91qqtv.com
*.91qqtv.com
*.sitemap.91qqtv.com
antiwrinklecream.com.au
*.antiwrinklecream.com.au
*.ww16.antiwrinklecream.com.au
*.ww17.antiwrinklecream.com.au
atsolutions.co
*.atsolutions.co
*.mx.atsolutions.co
*.www.atsolutions.co
dekaazfacilitation.org
*.dekaazfacilitation.org
*.sitemaps.dekaazfacilitation.org
*.app.entitlements.it
*.bi.entitlements.it
*.dualstack.entitlements.it
entitlements.it
*.entitlements.it
*.hostmaster.entitlements.it
*.reporting.entitlements.it
*.hostmaster.irritante.it
irritante.it
*.irritante.it
*.remote.irritante.it
*.www.irritante.it
*.dev.manusiam.com
manusiam.com
*.manusiam.com
*.auto.orra.it
*.bi.orra.it
*.dashboards.orra.it
*.hostmaster.orra.it
*.intelligence.orra.it
*.la-m.orra.it
*.lacam.orra.it
*.metric.orra.it
orra.it
*.orra.it
*.profm.orra.it
*.supersets.orra.it
*.api.printshirt.it
*.dashboard.printshirt.it
*.mail.printshirt.it
*.mail2.printshirt.it
printshirt.it
*.printshirt.it
*.random.printshirt.it
*.staging.printshirt.it
*.superset.printshirt.it
*.api.ummune.com
*.dev.ummune.com
*.hostmaster.ummune.com
*.m.ummune.com
*.sitemap.ummune.com
*.test.ummune.com
ummune.com
*.ummune.com
*.webmail.ummune.com
*.www.ummune.com
*.9c2f6a81-bedf-4a64-952b-91e8ba112bb6.webid-consorsfinanz.lat
*.admin.webid-consorsfinanz.lat
*.api.webid-consorsfinanz.lat
*.app.webid-consorsfinanz.lat
*.assets.webid-consorsfinanz.lat
*.demo.webid-consorsfinanz.lat
*.dev.webid-consorsfinanz.lat
*.test.webid-consorsfinanz.lat
webid-consorsfinanz.lat
*.webid-consorsfinanz.lat
*.webmail.webid-consorsfinanz.lat
*.www.webid-consorsfinanz.lat
*.fznftt.xn--8pr28cr6cq28b.com
*.jiyvnv.xn--8pr28cr6cq28b.com
*.lgvovm.xn--8pr28cr6cq28b.com
*.oowjoc.xn--8pr28cr6cq28b.com
*.sqecnp.xn--8pr28cr6cq28b.com
*.tlnjwx.xn--8pr28cr6cq28b.com
xn--8pr28cr6cq28b.com
*.xn--8pr28cr6cq28b.com
Other domains in certificate