SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Hostname Mismatch - certificate is issued for *.admexico.com.mx, *.condenast.es, *.calicoclub.co.uk, *.cnworld.es, *.condenast.mx, *.newyorker.com, *.wired.uk, *.revistaad.es, *.pitchforkmusicfestival.com, not for cnportrait.com
Open
Cached
·
just now
90/100
SECURITY SCORE
Certificate Information
Subject
CN=*.admexico.com.mx
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M04
Valid From
October 23, 2025
Valid Until
November 21, 2026
325 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
5C:80:B0:EF:F1:DA:D5:A3:1C:2A:9B:3A:5F:49:1A:BF:5F:E6:A1:A4:08:FE:74:2B:C0:AF:EF:D1:0E:6F:05:D2
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=63072000; includeSubDomains; preload
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin-when-cross-origin
Permissions-Policy
Present
camera=(), microphone=(), geolocation=(), interest-cohort=()
Recommendations
- • Add Content-Security-Policy header to prevent XSS attacks
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
*.admexico.com.mx
*.admiddleeast.com
*.allure.com
*.architecturaldigest.com
*.architecturaldigest.com.mx
*.arstechnica.co.uk
*.arstechnica.uk
*.bonappetit.com
*.calicoclub.co.uk
*.cnidigital.in
*.cntraveiier.com
*.cntraveler.com
*.cntraveller.com
*.cntraveller.in
*.cntraveller.uk
*.cntravellerme.com
*.cntravelller.com
*.cnworld.es
*.condenast.com.tw
*.condenast.co.uk
*.condenast.com.mx
*.condenast.de
*.condenast.es
*.condenast.fr
*.condenast.in
*.condenast.it
*.condenast.jp
*.condenast.mx
*.condenastcollege.ac.uk
*.condenastcollege.com
*.condenastcollege.es
*.condenastdigital.com
*.condenastdigital.de
*.condenastjohansens.com
*.condenastjohansensguides.com
*.condenastmexico-latam.com
*.api.condenet.co.uk
*.cms.condenet.co.uk
*.condenet.co.uk
*.four-oh-three.condenet.co.uk
*.hg.condenet.co.uk
*.prod.api.condenet.co.uk
*.prod.cms.condenet.co.uk
*.prod.www.condenet.co.uk
*.staging.api.condenet.co.uk
*.staging.cms.condenet.co.uk
*.staging.www.condenet.co.uk
*.glamour.com
*.glamour.com.mx
*.glamour.de
*.glamourmagazine.co.uk
*.glmr.uk
*.gq-magazine.co.uk
*.gq.co.uk
*.gq.com
*.gq.de
*.gq.uk
*.gqeditorsclub.co.uk
*.gqeditorsclub.com
*.gqheroes.co.uk
*.gqheroes.com
*.houseandgarden.co.uk
*.houseandgarden.com
*.menoftheyear.de
*.newyorker.com
*.h.ouse.co
*.ouse.co
*.pitchfork.com
*.pitchforkmusicfestival.com
*.revistaad.es
*.self.com
*.tatler.co.uk
*.tatler.com
*.tatler.uk
*.teenvogue.com
*.theexchangehsbc.com
*.thelovemagazine.co.uk
*.them.us
*.traveller.uk
*.vanityfair.co.uk
*.vanityfair.com
*.vanityfairart.co.uk
*.vanityfairart.com
*.vogue.co.jp
*.vogue.co.uk
*.vogue.com
*.vogue.com.mx
*.vogue.de
*.vogue.es
*.vogue.fr
*.vogue.it
*.vogue.mx
*.vogue.uk
*.vogueforcesoffashion.com
*.voguesummerschool.com
*.wired.co.uk
*.wired.com
*.wired.it
*.wired.uk
*.worldofinteriors.co.uk