SSL Certificate Analysis for fingerhutt.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=christisothers.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 19, 2026

Valid Until

May 20, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

57:D4:04:D2:30:E8:8C:60:A2:FF:45:0D:DA:BC:D3:A5:3D:7A:F4:63:7D:B5:CA:4B:B3:71:79:93:91:13:50:15

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

fingerhutt.com *.fingerhutt.com

Other domains in certificate

*.admin.blockchainasia.xyz blockchainasia.xyz *.blockchainasia.xyz *.d.blockchainasia.xyz *.dev.blockchainasia.xyz *.laravel.blockchainasia.xyz *.mail.blockchainasia.xyz *.remote.blockchainasia.xyz *.s3.blockchainasia.xyz *.sldczremote.blockchainasia.xyz *.www.blockchainasia.xyz

charlesschwab.cm *.charlesschwab.cm

*.app.charmtelecare.com *.backend.charmtelecare.com charmtelecare.com *.charmtelecare.com *.demo.charmtelecare.com *.dev.charmtelecare.com *.staging.charmtelecare.com *.www.charmtelecare.com

christisothers.com *.christisothers.com *.psb-stg.christisothers.com *.r53.christisothers.com *.remote.christisothers.com *.w.christisothers.com

consumersafetyagency.com *.consumersafetyagency.com *.dev.consumersafetyagency.com *.www.consumersafetyagency.com

elegancebest.com *.elegancebest.com *.ww1.elegancebest.com *.ww12.elegancebest.com *.ww7.elegancebest.com *.www.elegancebest.com

filmygod2.com *.filmygod2.com *.m.filmygod2.com *.ozon.filmygod2.com *.pay.filmygod2.com *.sbermarket.filmygod2.com *.ww25.filmygod2.com *.ww38.filmygod2.com *.www.filmygod2.com

*.bach.fuckinmachine.com *.beta.fuckinmachine.com *.demo.fuckinmachine.com *.dl.fuckinmachine.com fuckinmachine.com *.fuckinmachine.com *.gala.fuckinmachine.com *.images6.fuckinmachine.com *.life.fuckinmachine.com *.m.fuckinmachine.com *.maps.fuckinmachine.com *.sandbox.fuckinmachine.com *.secure.fuckinmachine.com *.sms.fuckinmachine.com *.users.fuckinmachine.com *.vps.fuckinmachine.com

lacucinaleggeramanontroppo.com *.lacucinaleggeramanontroppo.com

*.kona.lae.au lae.au *.lae.au *.ww25.lae.au

melbourneguitarfoundation.com *.melbourneguitarfoundation.com *.ww.melbourneguitarfoundation.com

moama.com.au *.moama.com.au

nmabmtwealthway.my *.nmabmtwealthway.my *.shop.nmabmtwealthway.my *.www.nmabmtwealthway.my

oldage.com.au *.oldage.com.au

*.training.v6.au v6.au *.v6.au

*.cpanel.wendyandlucy.com wendyandlucy.com *.wendyandlucy.com

*.ww38.wwwforexfactory.com wwwforexfactory.com *.wwwforexfactory.com