SSL Certificate Analysis for email.fugel.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=bajakah.site

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 04, 2026

Valid Until

May 05, 2026 84 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E6:D2:32:F2:F3:C2:62:5D:C1:9D:44:A4:D5:FD:B3:D8:7C:82:DE:73:E8:24:D6:1D:B2:D5:A4:61:40:7D:D7:E2

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

fugel.com *.fugel.com

Other domains in certificate

645.com.au *.645.com.au

atn-nachibl.com *.atn-nachibl.com

atpimusf.shop *.atpimusf.shop

autistici.com *.autistici.com *.ww38.autistici.com

bajakah.site *.bajakah.site *.gass.bajakah.site

beyond-resolved.org *.beyond-resolved.org

brf.llc *.brf.llc

bussuper5.xyz *.bussuper5.xyz

cotech.agency *.cotech.agency

dk857.com *.dk857.com

*.dns.enjoygoodlife.website enjoygoodlife.website *.enjoygoodlife.website

foodhawker.com *.foodhawker.com

fordjimenez.com *.fordjimenez.com

freeoptions.com *.freeoptions.com

freshtravelpaths.live *.freshtravelpaths.live

funnytwins.com *.funnytwins.com

futomomo.com *.futomomo.com

galanthus.com *.galanthus.com

gardenexpertsecrets.xyz *.gardenexpertsecrets.xyz

gaukhar.com *.gaukhar.com

giarratano.com *.giarratano.com

glitterdust.com *.glitterdust.com

growflexdesign.com *.growflexdesign.com

gudboy5.click *.gudboy5.click

handi-up.org *.handi-up.org

harmoniousweddingsmoods.beauty *.harmoniousweddingsmoods.beauty

haylem.com *.haylem.com

hogge.com *.hogge.com

hojyo.com *.hojyo.com

juneteenthsocal.org *.juneteenthsocal.org

*.imo.kiki.bet kiki.bet *.kiki.bet *.sitemap.kiki.bet *.sitemaps.kiki.bet

luck7.bet *.luck7.bet

nootone.io *.nootone.io

one-limitless.space *.one-limitless.space

onlinembaprograms.guide *.onlinembaprograms.guide *.v1.onlinembaprograms.guide

pettisville.sbs *.pettisville.sbs

questlandia.pl *.questlandia.pl

salesrock.io *.salesrock.io

sammy.network *.sammy.network *.sammynetworks.sammy.network

zwhsau.asia *.zwhsau.asia