SSL Certificate Analysis for dev.ihlm.it - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=cambiati.it

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

April 14, 2026

Valid Until

July 13, 2026 63 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F7:7C:9A:4A:3B:74:17:84:5F:24:02:C8:B3:1E:12:F4:F7:22:1C:C7:ED:21:22:68:3A:C3:D1:20:2F:B0:2D:ED

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

ihlm.it *.ihlm.it *.api.ihlm.it *.app.ihlm.it *.dev.ihlm.it *.intel.ihlm.it *.reports.ihlm.it

Other domains in certificate

cambiati.it *.cambiati.it *.notexistsowa.cambiati.it

fetchasquadssquad.com *.fetchasquadssquad.com

freepij.com *.freepij.com

glowluxebeauty.com *.glowluxebeauty.com

guardforceelit1e-nab.sbs *.guardforceelit1e-nab.sbs

millstonecreek.com *.millstonecreek.com

nappio.com *.nappio.com

nnnjsgf18677.shop *.nnnjsgf18677.shop

nomadius.com *.nomadius.com

pawstoken.com *.pawstoken.com

raemian-salereal.com *.raemian-salereal.com *.www.raemian-salereal.com

scamwork.com *.scamwork.com

search-for-mental-testing-denmark.sbs *.search-for-mental-testing-denmark.sbs

sexnori54.com *.sexnori54.com

shellylane.com *.shellylane.com

sofort-annehmen.com *.sofort-annehmen.com

sombrasol.com *.sombrasol.com

sondera.life *.sondera.life

surgeonxr.com *.surgeonxr.com

*.admin.sweetgifts.it *.analytics.sweetgifts.it *.api.sweetgifts.it *.app.sweetgifts.it *.backend.sweetgifts.it *.forecast.sweetgifts.it *.metrics.sweetgifts.it sweetgifts.it *.sweetgifts.it

swingsolar.com *.swingsolar.com

t88s.cyou *.t88s.cyou

taramandal.com *.taramandal.com

theinterconnect.com *.theinterconnect.com

thewitchescircle.com *.thewitchescircle.com

tourmcp.com *.tourmcp.com

trustalarm.com *.trustalarm.com

tryimagineart.com *.tryimagineart.com

tuxy0.xyz *.tuxy0.xyz

vaiilbannpqykxb.cc *.vaiilbannpqykxb.cc

validthreads.com *.validthreads.com

virgocoin.com *.virgocoin.com

visionarystore.com *.visionarystore.com

whygosolo.com *.whygosolo.com

windowrepair.au *.windowrepair.au

xterminate.com *.xterminate.com

yqlxa.loans *.yqlxa.loans