SSL Certificate Analysis for firewall.apring.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=onlyreviewer.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 01, 2026

Valid Until

May 02, 2026 67 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

33:C4:B5:09:78:5E:4A:61:E2:25:C7:30:AB:35:A3:80:1A:53:A7:50:81:F5:43:F7:23:35:EC:67:53:24:08:FF

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

apring.com *.apring.com *.vpn.apring.com

Other domains in certificate

01.gd *.01.gd *.49.01.gd *.bms-01.01.gd *.hoiarapi.01.gd *.new.01.gd

aaatelec.com *.aaatelec.com *.admin.aaatelec.com

aetherhawaii.com *.aetherhawaii.com

codegym.club *.codegym.club

coffeeandcloud.co *.coffeeandcloud.co

*.2lbom23cg16eyx9o.coral.email coral.email *.coral.email *.random.coral.email *.ww25.coral.email

*.0p64.fa1e.cfd *.2l23.fa1e.cfd *.3nyd.fa1e.cfd *.53y2.fa1e.cfd *.7gza.fa1e.cfd fa1e.cfd *.fa1e.cfd *.h8543.fa1e.cfd *.h8x0a.fa1e.cfd *.iojf.fa1e.cfd *.iy7o.fa1e.cfd *.j1zgq.fa1e.cfd *.k1ac.fa1e.cfd *.ladj.fa1e.cfd *.mcpy.fa1e.cfd *.nkzc.fa1e.cfd *.nleq.fa1e.cfd *.nvd8.fa1e.cfd *.p7s2.fa1e.cfd *.pq7ye.fa1e.cfd *.sa6a.fa1e.cfd *.ssaf.fa1e.cfd *.uztz.fa1e.cfd *.vcrv.fa1e.cfd *.w5m4.fa1e.cfd *.wpir.fa1e.cfd *.ytvf.fa1e.cfd *.zhji.fa1e.cfd

g-switch.com *.g-switch.com *.ww17.g-switch.com

get-qr.co *.get-qr.co

gvendelin.com *.gvendelin.com

hve.solutions *.hve.solutions

konsolelarbah.com *.konsolelarbah.com

*.i.maechan.com maechan.com *.maechan.com

*.bonjour.mounira.com *.gateway.mounira.com mounira.com *.mounira.com *.remote.mounira.com

*.app-api.ng-finance.com *.cdn-prod.ng-finance.com *.check.ng-finance.com *.de.ng-finance.com ng-finance.com *.ng-finance.com *.suivi.ng-finance.com

nypd2.org *.nypd2.org *.ww38.nypd2.org

*.autodiscover.onlyreviewer.com *.dev.onlyreviewer.com onlyreviewer.com *.onlyreviewer.com

*.apply.superflex.online *.backend.superflex.online *.magento.superflex.online *.pop.superflex.online superflex.online *.superflex.online