SSL Certificate Analysis for dev.riomilfs.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=bandiecam.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 14, 2026

Valid Until

April 14, 2026 50 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D4:68:E4:5E:4D:9B:3F:E4:EE:4C:51:3A:78:EB:49:73:AA:14:1C:67:F8:6D:9C:EB:D6:BC:9E:D7:A2:A9:D4:5F

Alternative Names

85 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

85 domains

riomilfs.com *.riomilfs.com *.jenkins.riomilfs.com *.pipeline.riomilfs.com *.poc.riomilfs.com

Other domains in certificate

amason.com.au *.amason.com.au *.hostmaster.amason.com.au *.ww17.amason.com.au *.www.amason.com.au

bandiecam.com *.bandiecam.com *.ci.bandiecam.com *.jenkins.bandiecam.com *.test.bandiecam.com

*.ci.freemak.com *.cicd.freemak.com freemak.com *.freemak.com *.jenkins.freemak.com *.pipeline.freemak.com *.preprod.freemak.com *.test.freemak.com *.ww1.freemak.com

*.cicd.friendscall.info friendscall.info *.friendscall.info *.pipeline.friendscall.info *.test.friendscall.info

*.gold.homedepotcard.com homedepotcard.com *.homedepotcard.com *.pipeline.homedepotcard.com

*.demo.mounttahoma.com mounttahoma.com *.mounttahoma.com

*.ci.payoi.com payoi.com *.payoi.com *.pipeline.payoi.com *.ww1.payoi.com

*.jenkins.quicbooksonline.com *.pipeline.quicbooksonline.com quicbooksonline.com *.quicbooksonline.com

*.ci.secretofsurvival.com *.jenkins.secretofsurvival.com secretofsurvival.com *.secretofsurvival.com

*.cicd.shopprestigepotraits.com *.pipeline.shopprestigepotraits.com *.preview.shopprestigepotraits.com shopprestigepotraits.com *.shopprestigepotraits.com

*.jenkins.smokerspatch.com *.pipeline.smokerspatch.com smokerspatch.com *.smokerspatch.com

*.ci.speedntest.net *.jenkins.speedntest.net *.pipeline.speedntest.net speedntest.net *.speedntest.net *.staging.speedntest.net *.ww1.speedntest.net

*.blog.suziemax.com *.jenkins.suziemax.com *.pipeline.suziemax.com *.random.suziemax.com suziemax.com *.suziemax.com

*.cicd.taxicaborlando.com *.jenkins.taxicaborlando.com *.pipeline.taxicaborlando.com taxicaborlando.com *.taxicaborlando.com

*.ci.visemarline.com *.jenkins.visemarline.com *.pipeline.visemarline.com *.random.visemarline.com visemarline.com *.visemarline.com

*.mx.zeropapier.com zeropapier.com *.zeropapier.com