SSL Certificate Analysis for demetrious.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=pendal.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 01, 2026

Valid Until

May 02, 2026 80 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

04:72:47:DD:EB:AD:62:5A:74:20:3D:78:C1:B8:B3:59:0F:0C:AB:19:AB:E7:E4:CF:9B:03:A7:2D:6C:2F:EA:DC

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

demetrious.com *.demetrious.com *.ra.demetrious.com

Other domains in certificate

*.apis.choicegenie.com choicegenie.com *.choicegenie.com

clamchairs.com *.clamchairs.com *.ww17.clamchairs.com

fatlossresearch.com *.fatlossresearch.com *.mail.fatlossresearch.com

*.access.hogenmiller.com *.app.hogenmiller.com *.autodiscover.hogenmiller.com *.connect.hogenmiller.com *.gateway.hogenmiller.com *.globalprotect.hogenmiller.com *.gp.hogenmiller.com hogenmiller.com *.hogenmiller.com *.hostmaster.hogenmiller.com *.img.hogenmiller.com *.kmhkp6p3dp.hogenmiller.com *.m.hogenmiller.com *.mail.hogenmiller.com *.money.hogenmiller.com *.nrwcc6eftk.hogenmiller.com *.portal.hogenmiller.com *.prelogon.hogenmiller.com *.random.hogenmiller.com *.remote.hogenmiller.com *.sandbox.hogenmiller.com *.secure.hogenmiller.com *.secureaccess.hogenmiller.com *.sitemaps.hogenmiller.com *.soft.hogenmiller.com *.ssl.hogenmiller.com *.sslvpn.hogenmiller.com *.test1.hogenmiller.com *.testing.hogenmiller.com *.vpn.hogenmiller.com *.vpnssl.hogenmiller.com *.wildcard.hogenmiller.com *.windows.hogenmiller.com *.wordpress.hogenmiller.com *.ww1.hogenmiller.com *.ww16.hogenmiller.com *.ww17.hogenmiller.com *.ww25.hogenmiller.com *.ww38.hogenmiller.com

*.admin.microdermabrasionmachine.com microdermabrasionmachine.com *.microdermabrasionmachine.com *.remoteapp.microdermabrasionmachine.com

*.dev.oterapeuta.com oterapeuta.com *.oterapeuta.com

pendal.com *.pendal.com *.portal.pendal.com *.vpn.pendal.com

*.autodiscover.samiotis.com *.drvpn.samiotis.com samiotis.com *.samiotis.com *.ww16.samiotis.com

*.a.sdsolar.com *.analytics.sdsolar.com *.art.sdsolar.com *.hk.sdsolar.com *.mail.sdsolar.com *.mobi.sdsolar.com *.projects.sdsolar.com *.rustore.sdsolar.com sdsolar.com *.sdsolar.com *.stat.sdsolar.com *.ww16.sdsolar.com *.ww25.sdsolar.com

theappmaker.com *.theappmaker.com *.ww25.theappmaker.com

vaggi.com *.vaggi.com *.vpn1.vaggi.com *.ww38.vaggi.com

*.69.zjl.net zjl.net *.zjl.net