SSL Certificate Analysis for brceramic.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=rtknv.cc

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

March 28, 2026

Valid Until

June 26, 2026 53 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D6:76:4E:7E:44:99:53:A6:E2:0B:6E:45:80:E8:77:07:43:71:A2:7C:AF:1A:12:99:A7:61:45:E5:3B:17:42:9A

Alternative Names

86 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

86 domains

brceramic.com *.brceramic.com

Other domains in certificate

assegnoscoperto.it *.assegnoscoperto.it *.remote.assegnoscoperto.it

d000h.com *.d000h.com *.ww38.d000h.com

*.988461bb-d5f8-4638-ae05-d49f2a3f4826.dy-bosepg.bet *.admin.dy-bosepg.bet *.api.dy-bosepg.bet *.app.dy-bosepg.bet *.assets.dy-bosepg.bet *.demo.dy-bosepg.bet *.dev.dy-bosepg.bet dy-bosepg.bet *.dy-bosepg.bet *.hostmaster.dy-bosepg.bet *.members.dy-bosepg.bet *.new.dy-bosepg.bet *.outlook.dy-bosepg.bet *.spam.dy-bosepg.bet *.test.dy-bosepg.bet

*.api.eo88.sbs *.demo.eo88.sbs eo88.sbs *.eo88.sbs *.staging.eo88.sbs *.www1.eo88.sbs

lenautique-laciotat.fr *.lenautique-laciotat.fr *.ww25.lenautique-laciotat.fr *.ww38.lenautique-laciotat.fr

*.hostmaster.lhub.my lhub.my *.lhub.my *.www.lhub.my

*.hostmaster.marketing-immobiliare.it marketing-immobiliare.it *.marketing-immobiliare.it

marketingcloud.in *.marketingcloud.in *.salesforce.marketingcloud.in *.www.marketingcloud.in

*.admin.mobtakeranmashhad.com *.api.mobtakeranmashhad.com *.beta.mobtakeranmashhad.com mobtakeranmashhad.com *.mobtakeranmashhad.com *.student.mobtakeranmashhad.com

orbiterr.tech *.orbiterr.tech *.ww38.orbiterr.tech

phiswelt.com *.phiswelt.com *.ww38.phiswelt.com

postcodes.net.au *.postcodes.net.au

*.65lkjv8k0u0f.rtknv.cc *.admin.rtknv.cc *.api.rtknv.cc *.app.rtknv.cc *.assets.rtknv.cc *.demo.rtknv.cc *.dev.rtknv.cc *.hostmaster.rtknv.cc *.jxvrmwsk.rtknv.cc *.nhlltdemo.rtknv.cc rtknv.cc *.rtknv.cc *.staging.rtknv.cc *.test.rtknv.cc

stulchik.bet *.stulchik.bet

*.ag.xdea.top *.cdn.xdea.top *.node.xdea.top *.prx.xdea.top xdea.top *.xdea.top *.xmux.xdea.top

*.zona-fitness-del-valle.zona-fitness.club *.zona-fitness-esmeralda.zona-fitness.club *.zona-fitness-san-angel.zona-fitness.club zona-fitness.club *.zona-fitness.club