SSL Certificate Analysis for assets.ikomex.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=thejack.it

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

April 23, 2026

Valid Until

July 22, 2026 66 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

34:9B:7B:85:4F:A5:22:F5:AC:86:5C:93:5C:95:14:41:B7:29:7A:83:0A:81:D7:18:6E:E8:D2:3D:51:09:23:3B

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

ikomex.com *.ikomex.com *.gateway.ikomex.com *.uyinpdko.ikomex.com

Other domains in certificate

chibabannkco-jp.org *.chibabannkco-jp.org *.ns1.chibabannkco-jp.org

*.9087ee47-46a8-4d2a-a249-a21a2ce7b489.epenny.com *.a5mesyaq3prxbqml.epenny.com *.admin.epenny.com *.analytic.epenny.com *.app.epenny.com *.argo.epenny.com *.autodiscover.epenny.com *.backup.epenny.com *.bfahsworth.epenny.com *.biolifeplasma.epenny.com *.chart.epenny.com *.dashboard.epenny.com *.demo.epenny.com *.dev.epenny.com *.email.epenny.com epenny.com *.epenny.com *.exchange.epenny.com *.eye.epenny.com *.flyscoot.epenny.com *.frontend.epenny.com *.gestion.epenny.com *.hostmaster.epenny.com *.hrm.epenny.com *.imap.epenny.com *.m.epenny.com *.mail.epenny.com *.marketing.epenny.com *.mobile.epenny.com *.music.epenny.com *.mx1.epenny.com *.notexistsgestion.epenny.com *.notexistshrm.epenny.com *.notexistsmusic.epenny.com *.notexistsmx1.epenny.com *.notexistsrelay.epenny.com *.notexistsreport.epenny.com *.notexistssupport.epenny.com *.pbrand.epenny.com *.random.epenny.com *.relay.epenny.com *.remote.epenny.com *.report.epenny.com *.reports.epenny.com *.secure.epenny.com *.smtp.epenny.com *.staging.epenny.com *.stg.epenny.com *.superset.epenny.com *.support.epenny.com *.transactions.epenny.com *.uat.epenny.com *.v1.epenny.com *.vpn.epenny.com *.wap.epenny.com *.web.epenny.com *.webmail.epenny.com *.wildcard.epenny.com *.worth.epenny.com *.www.epenny.com

*.app.givingherealw.com givingherealw.com *.givingherealw.com

*.demo.piscinaidromassaggio.it piscinaidromassaggio.it *.piscinaidromassaggio.it

*.chart.thejack.it *.dashboard.thejack.it *.data.thejack.it *.hostmaster.thejack.it *.intelligence.thejack.it *.redash.thejack.it *.reporting.thejack.it *.research.thejack.it *.supersets.thejack.it thejack.it *.thejack.it *.www.thejack.it

*.www.zenseap.com zenseap.com *.zenseap.com