SSL Certificate Analysis for decentwork.org - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=itchkoezrattiwife.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

March 10, 2026

Valid Until

June 08, 2026 31 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F7:51:96:AF:C0:84:65:6A:6B:38:87:04:D6:B5:6D:83:04:E2:38:52:A7:40:0C:A8:E0:39:72:1B:91:0D:49:E7

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

decentwork.org *.decentwork.org

Other domains in certificate

247deals.au *.247deals.au

66mcr.buzz *.66mcr.buzz *.api.66mcr.buzz *.b.66mcr.buzz *.dashboard-preview.66mcr.buzz *.dashboard.66mcr.buzz *.dev.66mcr.buzz *.home.66mcr.buzz *.news.66mcr.buzz *.production.66mcr.buzz *.sitemap.66mcr.buzz *.sitemaps.66mcr.buzz *.superset-preprod.66mcr.buzz *.superset.66mcr.buzz *.web.66mcr.buzz *.ww16.66mcr.buzz *.ww25.66mcr.buzz

*.admin.adulte.it adulte.it *.adulte.it *.api.adulte.it *.dash.adulte.it *.dev.adulte.it *.hostmaster.adulte.it *.hotmta-sts.adulte.it *.mail.adulte.it *.mta-sts.adulte.it *.report.adulte.it *.superset.adulte.it

auraestradaprize.org *.auraestradaprize.org

azuradatsettlement.com *.azuradatsettlement.com *.vpn.azuradatsettlement.com *.www.azuradatsettlement.com

*.admin.bancheprivate.com *.app.bancheprivate.com bancheprivate.com *.bancheprivate.com *.dashboard.bancheprivate.com *.dev.bancheprivate.com *.workflow.bancheprivate.com *.www.bancheprivate.com

*.11app.blingx.ltd blingx.ltd *.blingx.ltd *.test45.blingx.ltd

exercisephysio.au *.exercisephysio.au

itchkoezrattiwife.com *.itchkoezrattiwife.com *.vpn.itchkoezrattiwife.com

jkasiske.de *.jkasiske.de *.www.jkasiske.de

kappi.life *.kappi.life

kwikway.com *.kwikway.com *.ww1.kwikway.com

luciami.com *.luciami.com *.www.luciami.com

mooroopna.au *.mooroopna.au

*.496ee231-4f60-4fe9-b9fe-5333693b7105.paartments.com *.hostmaster.paartments.com paartments.com *.paartments.com *.wildcard.paartments.com

pmtgroup.uk *.pmtgroup.uk

*.cpcontacts.renaissancemedia.com.au renaissancemedia.com.au *.renaissancemedia.com.au

rockinghamglass.au *.rockinghamglass.au

tambree.au *.tambree.au

treeline.studio *.treeline.studio

windella.au *.windella.au

*.random.xxx18hot.co xxx18hot.co *.xxx18hot.co