SSL Certificate Analysis for auth.symprod.apps.mxosc.jll.com - Security Grade & TLS Configuration | DNS Gurus

Open Cached · just now

75/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=Illinois, L=Chicago, O=Jones Lang LaSalle Incorporated, CN=sansites2.jll.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1

Valid From

July 31, 2025

Valid Until

July 31, 2026 221 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

6D:7B:51:BD:46:24:6D:12:D1:D8:03:B1:C2:B6:34:FD:2D:E0:BE:63:A3:BF:71:96:CF:C3:A1:1F:BB:38:73:D6

Alternative Names

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

94 domains

sansites2.jll.com qa.cn.jll.com qa.de.jll.com qa.fr.jll.com qa.in.jll.com qa.jp.jll.com qa.uk.jll.com ts.cloud.jll.com portal.dev.wmh.jll.com admin.symprod.apps.mxosc.jll.com api.symprod.apps.mxosc.jll.com auth.symprod.apps.mxosc.jll.com home.symprod.apps.mxosc.jll.com maxinst.manage.symprod.apps.mxosc.jll.com symprod-all.manage.symprod.apps.mxosc.jll.com symprod.home.symprod.apps.mxosc.jll.com symprod.manage.symprod.apps.mxosc.jll.com

Other domains in certificate

account.afpaces.com afpaces.com budgettool-qa.afpaces.com budgettool.afpaces.com eul-legacy.afpaces.com landing-legacy.afpaces.com landing.afpaces.com legacy.afpaces.com lodging.afpaces.com loe-qa.afpaces.com loe.afpaces.com portal-legacy.afpaces.com qa.afpaces.com up-assessment-qa.afpaces.com up-assessment.afpaces.com up-legacy.afpaces.com up.afpaces.com www.afpaces.com

atginc.com

apac.v2.beifederation.com api.apac.v2.beifederation.com api.dev.core.beifederation.com api.dev.v2.beifederation.com api.plab.v2.beifederation.com api.predev.core.beifederation.com api.predev.v2.beifederation.com api.qa.v2.beifederation.com api.sadev.core.beifederation.com avatar.apac.v2.beifederation.com avatar.dev.prism.beifederation.com avatar.dev.v2.beifederation.com avatar.plab.v2.beifederation.com avatar.predev.v2.beifederation.com avatar.qa.v2.beifederation.com bengie-dev.beifederation.com bengie-qa.beifederation.com bengie.beifederation.com channelintegration.dev.tx.beifederation.com channelintegration.qa.tx.beifederation.com dev.core.beifederation.com dev.data.beifederation.com dev.v2.beifederation.com elbapi.dev.prism.beifederation.com green-apipredev.core.beifederation.com green-dev.core.beifederation.com green-pmapi.predev.core.beifederation.com green-predev.core.beifederation.com plab.v2.beifederation.com pmapi.dev.core.beifederation.com pmapi.predev.core.beifederation.com predev.core.beifederation.com predev.v2.beifederation.com qa.v2.beifederation.com sadev.beifederation.com sisense.dev.data.beifederation.com storybook.dev.v2.beifederation.com

bridgepointmiamistation.com www.bridgepointmiamistation.com

jllminiprogram.joneslanglasalle.com.cn

ent-noc-am.corrigo.net pro-noc-am.corrigo.net

jll.de

uat.jllonesource.com

de.officefinder.app uat-de.officefinder.app

demo.rdmdocs.com feil.rdmdocs.com mondayre.rdmdocs.com sketches.rdmdocs.com trinity.rdmdocs.com

ruijiandata.com www.ruijiandata.com

api.spacesshowcase.com dev.spacesshowcase.com devapi.spacesshowcase.com spacesshowcase.com

warehousefinder.pl