SSL Certificate Analysis for cleanin.it - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=connectbyyamfam.com

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

May 31, 2026

Valid Until

August 29, 2026 80 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

08:EC:54:B4:8C:A9:F4:9C:72:00:6F:9B:D0:EC:9B:38:4D:68:4E:EF:AE:3E:D2:0D:0E:2F:74:6F:0E:31:72:E3

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

cleanin.it *.cleanin.it *.staging.cleanin.it

Other domains in certificate

6256.in *.6256.in

*.audmjww38.bloberaft.club bloberaft.club *.bloberaft.club *.zj9x6sbzw3.bloberaft.club

boycott-thor.com *.boycott-thor.com *.smtp.boycott-thor.com *.www.boycott-thor.com

ciaobistro-luca.com *.ciaobistro-luca.com *.hostmaster.ciaobistro-luca.com *.www.ciaobistro-luca.com

connectbyyamfam.com *.connectbyyamfam.com

*.583faece-edf7-449a-9c87-6ff7eee8f0c5.earncrypto.vip *.9d9f8818-4d61-43c2-997c-159706b4fdb0.earncrypto.vip *.admin.earncrypto.vip *.backend.earncrypto.vip earncrypto.vip *.earncrypto.vip *.mta-sts.earncrypto.vip *.vip.earncrypto.vip *.ww25.earncrypto.vip *.www.earncrypto.vip

gestionicondomini.it *.gestionicondomini.it *.mail.gestionicondomini.it

grammarlypro.click *.grammarlypro.click *.ww25.grammarlypro.click

jewelrymaker.it *.jewelrymaker.it *.remote.jewelrymaker.it

*.edit.marines-de-cogolin.com marines-de-cogolin.com *.marines-de-cogolin.com

neysurethailand.online *.neysurethailand.online *.www.neysurethailand.online

nicanorautosales.com *.nicanorautosales.com *.pay.nicanorautosales.com

*.cpcontacts.parisajewellery.co.uk parisajewellery.co.uk *.parisajewellery.co.uk

permissoes.com.br *.permissoes.com.br

*.log.pigmer.com pigmer.com *.pigmer.com *.terminal.pigmer.com

*.com.pollock.org *.fritz.pollock.org *.intl.pollock.org *.jackson.pollock.org pollock.org *.pollock.org *.random.pollock.org *.ssl.pollock.org *.staging.pollock.org

startmyeducation.org *.startmyeducation.org *.ww25.startmyeducation.org

*.im4.texaspanhandle.com texaspanhandle.com *.texaspanhandle.com *.vxn.texaspanhandle.com *.ww17.texaspanhandle.com *.www.texaspanhandle.com

*.mail.theblueknx.store theblueknx.store *.theblueknx.store *.ww16.theblueknx.store

*.mailhost.themobileoutlet.co.uk *.mx.themobileoutlet.co.uk themobileoutlet.co.uk *.themobileoutlet.co.uk

tzisicgisw.com *.tzisicgisw.com *.ww25.tzisicgisw.com *.ww38.tzisicgisw.com *.www.tzisicgisw.com

*.ww25.yfb.au yfb.au *.yfb.au