SSL Certificate Analysis for beta.onpointconsultants.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=onpointconsultants.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 19, 2026

Valid Until

August 17, 2026 87 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

44:0D:68:76:2B:14:63:3D:A5:52:29:C6:35:B3:BD:DB:26:5F:A1:8A:E3:9C:C9:94:73:EF:36:56:BD:CC:00:FD

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

onpointconsultants.com *.onpointconsultants.com *.beta.onpointconsultants.com *.m.onpointconsultants.com *.rdp.onpointconsultants.com *.rlrombackup.onpointconsultants.com *.sitemap.onpointconsultants.com

Other domains in certificate

02860.pro *.02860.pro

13278.win *.13278.win

16131.loan *.16131.loan

16565.pro *.16565.pro

21828.win *.21828.win

ccqdp.gdn *.ccqdp.gdn

chattdeck.com *.chattdeck.com

cjkrealestate.com *.cjkrealestate.com

ck-fortapg.bet *.ck-fortapg.bet

ckaaa.bid *.ckaaa.bid

ckaaa.loan *.ckaaa.loan

cknnn.loan *.cknnn.loan

cksss.bid *.cksss.bid

cksss.loan *.cksss.loan

ckxxx.bid *.ckxxx.bid

ckxxx.loan *.ckxxx.loan

ckyyy.loan *.ckyyy.loan

ckzzz.loan *.ckzzz.loan

claimto.cc *.claimto.cc

hoppmark.com *.hoppmark.com

hp67ue.cc *.hp67ue.cc

huilesberliet.com *.huilesberliet.com

indiatulw.click *.indiatulw.click

jkhkl.loan *.jkhkl.loan

joshcopitch.org *.joshcopitch.org

js-media.org *.js-media.org

*.api.pichincrha.cfd *.bcrgpvtw.pichincrha.cfd *.blstukdm.pichincrha.cfd *.ftmzjiny.pichincrha.cfd *.marketing.pichincrha.cfd *.nqurtjwm.pichincrha.cfd *.odhbcsei.pichincrha.cfd pichincrha.cfd *.pichincrha.cfd *.remdzbwk.pichincrha.cfd *.tbfpuckr.pichincrha.cfd *.toeulnks.pichincrha.cfd *.v2.pichincrha.cfd *.whvfonjb.pichincrha.cfd *.wosdajrl.pichincrha.cfd *.www.pichincrha.cfd *.yzrlcwmd.pichincrha.cfd *.zyexrsjg.pichincrha.cfd

truefoodhub.food *.truefoodhub.food

uwcnud.cc *.uwcnud.cc

valueceremony.beauty *.valueceremony.beauty

velihy.pro *.velihy.pro

vghxi.my *.vghxi.my

vibing.spot *.vibing.spot