SSL Certificate Analysis for dominant.group - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=astute.services

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 14, 2026

Valid Until

August 12, 2026 77 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

9E:05:25:FC:2B:0B:C2:06:46:71:F8:13:35:61:09:78:64:AE:DC:DF:06:5B:63:F4:9D:DC:93:0E:0B:3F:1A:4E

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

dominant.group *.dominant.group *.website.dominant.group

Other domains in certificate

apikecmalangkab.org *.apikecmalangkab.org *.u1b4et.apikecmalangkab.org

*.3didqs.apikecungaran.org apikecungaran.org *.apikecungaran.org

astute.services *.astute.services *.earthhomecareph.astute.services *.sbp.astute.services

blogcell.it *.blogcell.it *.dev.blogcell.it

buonaseraatthejam.co.uk *.buonaseraatthejam.co.uk *.mail.buonaseraatthejam.co.uk

deonne.com *.deonne.com *.random.deonne.com *.ww16.deonne.com *.ww25.deonne.com *.ww38.deonne.com

*.2l6wm.efgghi.top *.3ugcn.efgghi.top *.4yj7f.efgghi.top *.aqzmk.efgghi.top efgghi.top *.efgghi.top *.nslow.efgghi.top *.o7p4x.efgghi.top *.orrwv.efgghi.top *.snx68.efgghi.top *.svzzq.efgghi.top *.uugt9.efgghi.top *.v3ywp.efgghi.top *.y6iui.efgghi.top

energy-fts.com *.energy-fts.com *.hs2.energy-fts.com *.ipv4.energy-fts.com *.mail.energy-fts.com *.ns.energy-fts.com *.rds.energy-fts.com *.remote.energy-fts.com *.remoteapp.energy-fts.com *.sitemap.energy-fts.com *.ww3.energy-fts.com

*.4tqz2t.expandtouchstormgroup.info expandtouchstormgroup.info *.expandtouchstormgroup.info

*.3gz7m7.flare-scope-mote.life flare-scope-mote.life *.flare-scope-mote.life

*.hostmaster.houseblog.it houseblog.it *.houseblog.it *.owa.houseblog.it

ifulchw.cyou *.ifulchw.cyou

ifyoudream.it *.ifyoudream.it

kidsfootprint.org *.kidsfootprint.org *.mail.kidsfootprint.org

*.3vob1t.luxwohnch.com luxwohnch.com *.luxwohnch.com

michaelis.it *.michaelis.it *.remote.michaelis.it

molding.au *.molding.au

*.4s4qcl.oxbongda.buzz oxbongda.buzz *.oxbongda.buzz

*.mail.quallsinsurance.com quallsinsurance.com *.quallsinsurance.com

tuidy.mobi *.tuidy.mobi

*.hostmaster.vidra.it vidra.it *.vidra.it

*.hostmaster.witless.it witless.it *.witless.it