SSL Certificate Analysis for dev.bigredrooster.com - Security Grade & TLS Configuration

Open Cached · just now

88/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=Illinois, L=Chicago, O=Jones Lang LaSalle IP, Inc., CN=www.openavm.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1

Valid From

May 20, 2025

Valid Until

May 20, 2026 150 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

C7:50:8F:4B:87:8D:80:AC:62:A3:F7:D1:AF:C9:5E:85:78:7E:60:B6:EC:85:13:08:B5:AA:D5:22:D6:A2:BA:36

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=315360000; includeSubDomains

Content-Security-Policy

Basic

default-src; connect-src; script-src; +4 more

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

bigredrooster.com dev.bigredrooster.com stg.bigredrooster.com www.bigredrooster.com

Other domains in certificate

230congress.com www.230congress.com

260franklinstreet.com www.260franklinstreet.com

site.atginc.com

brg.com www.brg.com

dev.jll50.com.hk jll50.com.hk stg.jll50.com.hk www.jll50.com.hk

aztest-ent-noc-emea.corrigo.net aztest-pro-noc-emea.corrigo.net ent-noc-emea.corrigo.net pro-noc-emea.corrigo.net

api-demo.envio.systems api-us.envio.systems api.envio.systems ca.envio.systems demo.envio.systems envio.systems us.envio.systems www.envio.systems

enviosystems.com www.enviosystems.com

humanexperience.jll

eri.live.jll.com forum.jllcab.live.jll.com techup.live.jll.com

elblogdelosanillos.jll.es

dev.ebrochure.jll.eu ebrochure.jll.eu jll-emea-evohtmltopdf.jll.eu uat.ebrochure.jll.eu

jllhub.com

analytics.azara.jllt.com cdn-spark.jllt.com data.azara.jllt.com dev-analytics.azara.jllt.com dev-data.azara.jllt.com dev-reports.azara.jllt.com dev-spark.jllt.com dev.spark.jllt.com gamma.jllt.com preprod-analytics.azara.jllt.com preprod-data.azara.jllt.com preprod-reports.azara.jllt.com preprod.azara.jllt.com reports.azara.jllt.com spark-dev.jllt.com spark-qa.jllt.com spark.jllt.com stg-spark.jllt.com stg.spark.jllt.com

lafayetteccboston.com www.lafayetteccboston.com

lochrinquay.com

dev.logcheck.com stg.logcheck.com www.logcheck.com

logcheckapp.com staging.logcheckapp.com www.logcheckapp.com

onebeaconstreet.com www.onebeaconstreet.com

onepostofficesq.com www.onepostofficesq.com

api.openavm.com jlleulive.openavm.com jlllive.openavm.com jlluslive.openavm.com jllvirtual.openavm.com suburbtrends.openavm.com uat-api.openavm.com uat.openavm.com www.openavm.com

pennplaceframingham.com www.pennplaceframingham.com

powerupwithcapforce.com

presidentsplacequincy.com www.presidentsplacequincy.com

cdn.tetris-db.com

twolibertyboston.com www.twolibertyboston.com

welcome.jll