SSL Certificate Analysis for aux1.ru - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=xn--1sq10hb10brmg.com

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

June 18, 2026

Valid Until

September 16, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

A7:44:D0:C6:AF:21:A5:B2:BB:AF:17:E4:85:69:2C:42:10:D4:6F:12:0E:F4:32:3E:90:B6:96:0B:F4:1F:9E:EF

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

aux1.ru *.aux1.ru *.airflow.aux1.ru *.flow.aux1.ru *.m.aux1.ru *.mail.aux1.ru *.ww.aux1.ru

Other domains in certificate

*.8ab672cc-02fe-4611-bf30-85cddb2ec26c.boss8.app *.api.boss8.app *.app.boss8.app *.backup.boss8.app *.blog.boss8.app boss8.app *.boss8.app *.dev.boss8.app *.ee197802-5996-4d4b-ade0-1a2a5645522e.boss8.app *.enxkwapi.boss8.app *.m.boss8.app *.mail.boss8.app *.news.boss8.app *.press.boss8.app *.staging.boss8.app *.uat.boss8.app

*.api.clinvy.online clinvy.online *.clinvy.online *.demo.clinvy.online *.www.clinvy.online

*.cp.fashionmantra.io fashionmantra.io *.fashionmantra.io *.super.fashionmantra.io *.www.fashionmantra.io

*.admin.mikaelkristensson.com *.app.mikaelkristensson.com *.assets.mikaelkristensson.com *.blog.mikaelkristensson.com *.hostmaster.mikaelkristensson.com mikaelkristensson.com *.mikaelkristensson.com *.www.mikaelkristensson.com

*.adm.noolhar.com *.banner.noolhar.com *.corp.noolhar.com noolhar.com *.noolhar.com *.vespro.noolhar.com *.ww25.noolhar.com

*.77124452-345b-4f83-8423-19fadb50a001.pyraflex.com pyraflex.com *.pyraflex.com *.www.pyraflex.com

*.demo.santahoki88-login.com *.eddxkv1.santahoki88-login.com *.mail.santahoki88-login.com santahoki88-login.com *.santahoki88-login.com *.secure.santahoki88-login.com *.staging.santahoki88-login.com *.uat.santahoki88-login.com *.v2.santahoki88-login.com

*.api.workiva.xyz *.dev.workiva.xyz *.mail.workiva.xyz *.test.workiva.xyz workiva.xyz *.workiva.xyz

*.connect.xn--1sq10hb10brmg.com *.desktop.xn--1sq10hb10brmg.com *.ra.xn--1sq10hb10brmg.com *.rdweb.xn--1sq10hb10brmg.com *.sitemap.xn--1sq10hb10brmg.com *.vpn.xn--1sq10hb10brmg.com *.vpn2.xn--1sq10hb10brmg.com *.vpnssl.xn--1sq10hb10brmg.com *.webvpn.xn--1sq10hb10brmg.com *.wildcard.xn--1sq10hb10brmg.com xn--1sq10hb10brmg.com *.xn--1sq10hb10brmg.com

*.alpha.xn--9c7a.com *.m.xn--9c7a.com *.sitemap.xn--9c7a.com *.wildcard.xn--9c7a.com xn--9c7a.com *.xn--9c7a.com

*.h5.ybrysm.com *.m.ybrysm.com *.www.ybrysm.com ybrysm.com *.ybrysm.com