SSL Certificate Analysis for baloch.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=capitalists.au

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 09, 2026

Valid Until

April 09, 2026 57 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

CA:44:D4:30:FF:D6:F2:9E:DE:CE:1B:45:41:4B:AF:FA:8A:C8:C1:08:49:E5:01:C1:C8:FB:14:70:FC:98:04:C7

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

baloch.com *.baloch.com *.geesar.baloch.com *.habib.baloch.com *.k.baloch.com *.khan.baloch.com *.m.baloch.com *.makarni.baloch.com *.marri.baloch.com *.nx.baloch.com *.pakistan.baloch.com *.saeed.baloch.com *.sex.baloch.com *.sexe.baloch.com *.shaki.baloch.com

Other domains in certificate

3emp.org *.3emp.org *.beta.3emp.org *.ek.3emp.org *.ktuemkevents.3emp.org *.mobil.3emp.org *.net.3emp.org *.sertifika.3emp.org *.tr.3emp.org *.webinartech.3emp.org

capitalists.au *.capitalists.au

electricmotors.au *.electricmotors.au

hkprint.xyz *.hkprint.xyz *.new.hkprint.xyz

jaspersharp.com *.jaspersharp.com *.mail.jaspersharp.com

jbadiorama.com *.jbadiorama.com

lotteryma.com *.lotteryma.com *.ww43.lotteryma.com

lucypeters.org *.lucypeters.org

managedmarketaccess.com *.managedmarketaccess.com

*.agent.mysafehomeinspections.com *.ai.mysafehomeinspections.com *.bot.mysafehomeinspections.com *.integration.mysafehomeinspections.com mysafehomeinspections.com *.mysafehomeinspections.com *.new.mysafehomeinspections.com *.random.mysafehomeinspections.com *.stage.mysafehomeinspections.com *.test.mysafehomeinspections.com

onbetpix.com *.onbetpix.com

payrollsevers.us *.payrollsevers.us

*.analytic.prototype.net.au *.autodiscover.prototype.net.au *.hospitalityfurniture.prototype.net.au prototype.net.au *.prototype.net.au *.uat.prototype.net.au *.ww16.prototype.net.au *.ww38.prototype.net.au

satarbucks.com *.satarbucks.com

suitcase.name *.suitcase.name

*.blablacar.tempos.email *.blog.tempos.email *.online.tempos.email *.quickbuy4u.tempos.email *.seo.tempos.email *.shoppoints.tempos.email tempos.email *.tempos.email

*.random.thehotelcard.au thehotelcard.au *.thehotelcard.au

urbances.store *.urbances.store *.ww25.urbances.store

ysqbag.com *.ysqbag.com

*.cpanel.zapas.com.au zapas.com.au *.zapas.com.au