Open
Cached
·
just now
76/100
SECURITY SCORE
Certificate Information
Subject
CN=visantimassage.com
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
January 23, 2026
Valid Until
April 23, 2026
89 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
45:B1:9F:65:C5:B2:89:85:A6:5F:96:2A:3A:92:76:3D:B0:F1:3B:29:40:DC:0B:E6:49:D7:17:67:06:6C:22:5A
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
62 domains
shellraileis.com
*.shellraileis.com
*.20ff4d26-59db-4420-b85c-04977b5644c7.shellraileis.com
*.2a94fb77-0fc0-458e-9767-25042b9dd95c.shellraileis.com
*.2c848652-8934-485c-9ce3-4f83f52e04ed.shellraileis.com
*.91f0e5b6-2ba9-41ce-8e65-c17ae4a15d78.shellraileis.com
*.acbfgm.shellraileis.com
*.accounts.shellraileis.com
*.admin.shellraileis.com
*.app.shellraileis.com
*.art.shellraileis.com
*.assets.shellraileis.com
*.beta.shellraileis.com
*.blog.shellraileis.com
*.client.shellraileis.com
*.contacts.shellraileis.com
*.cpcontacts.shellraileis.com
*.dev.shellraileis.com
*.dish.shellraileis.com
*.eml.shellraileis.com
*.help.shellraileis.com
*.m.shellraileis.com
*.mail.shellraileis.com
*.merchants.shellraileis.com
*.mta-sts.shellraileis.com
*.portal.shellraileis.com
*.power.shellraileis.com
*.rds.shellraileis.com
*.remote.shellraileis.com
*.sfyjoapp.shellraileis.com
*.sitemap.shellraileis.com
*.store.shellraileis.com
*.vpnssl.shellraileis.com
*.wildcard.shellraileis.com
*.wp.shellraileis.com
*.ww16.shellraileis.com
*.ww38.shellraileis.com
*.www.shellraileis.com
carrentas.com
*.carrentas.com
mrsupplement.com
*.mrsupplement.com
*.ww25.mrsupplement.com
radioteka.com
*.radioteka.com
rsazea.de
*.rsazea.de
*.cpanel.thedarewatch.com
*.hostmaster.thedarewatch.com
*.mail.thedarewatch.com
*.random.thedarewatch.com
thedarewatch.com
*.thedarewatch.com
*.webdisk.thedarewatch.com
*.webmail.thedarewatch.com
*.www.thedarewatch.com
visantimassage.com
*.visantimassage.com
*.career.workforcemn.com
*.random.workforcemn.com
workforcemn.com
*.workforcemn.com
Other domains in certificate