SSL Certificate Analysis for com.arqui.digital - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=virginmediaservice.com

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

June 09, 2026

Valid Until

September 07, 2026 72 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

92:07:C2:AA:59:82:31:C4:03:9E:1E:59:CD:1D:F7:3C:31:C6:F8:26:C2:83:26:63:19:26:C1:EE:45:6E:68:1B

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

arqui.digital *.arqui.digital *.click.arqui.digital *.com.arqui.digital *.li.arqui.digital *.ww25.arqui.digital *.ww38.arqui.digital

Other domains in certificate

abschluss.com *.abschluss.com *.as9912.abschluss.com *.att.abschluss.com *.ww16.abschluss.com *.www.abschluss.com

beachpalapa.com *.beachpalapa.com *.ww25.beachpalapa.com

bettinghub.co *.bettinghub.co *.sitemap.bettinghub.co

carthusian.com *.carthusian.com *.iffy.carthusian.com

foresthillflorists.com *.foresthillflorists.com *.random.foresthillflorists.com *.sitemaps.foresthillflorists.com *.ww25.foresthillflorists.com *.ww38.foresthillflorists.com

hosteleria.co *.hosteleria.co *.sitemap.hosteleria.co

ikemoto.com *.ikemoto.com

*.8cfbe3e3-bbba-464e-a10d-68fc42b99706.konsulty.tech *.admin.konsulty.tech *.aesjuat.konsulty.tech *.api.konsulty.tech *.app.konsulty.tech *.assets.konsulty.tech *.backup.konsulty.tech *.dashboard.konsulty.tech *.demo.konsulty.tech *.fqtrjnli.konsulty.tech konsulty.tech *.konsulty.tech *.mailer.konsulty.tech *.new.konsulty.tech *.qa.konsulty.tech *.secure.konsulty.tech *.staging.konsulty.tech *.test.konsulty.tech *.uat.konsulty.tech *.usflldev.konsulty.tech *.vqxlrsecure.konsulty.tech *.vzxyhqwg.konsulty.tech *.w.konsulty.tech *.xaesjuat.konsulty.tech

*.chat.myfreecsms.com *.ci.myfreecsms.com *.demo.myfreecsms.com *.dev.myfreecsms.com *.flash.myfreecsms.com *.flowiseai.myfreecsms.com *.m.myfreecsms.com myfreecsms.com *.myfreecsms.com *.qa.myfreecsms.com *.search.myfreecsms.com *.superset.myfreecsms.com *.uat.myfreecsms.com

norwalkmedgroup.com *.norwalkmedgroup.com *.ts01.norwalkmedgroup.com

*.app.rawxz.si *.dd.rawxz.si *.en.rawxz.si *.m.rawxz.si *.mail.rawxz.si *.mta-sts.rawxz.si rawxz.si *.rawxz.si *.secure.rawxz.si *.top.rawxz.si *.ww1.rawxz.si *.ww12.rawxz.si *.ww2.rawxz.si *.www.rawxz.si

*.random.virginmediaservice.com virginmediaservice.com *.virginmediaservice.com