SSL Certificate Analysis for fitmass.ca - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=jsxtyunjs.cn

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 20, 2026

Valid Until

August 18, 2026 65 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

83:11:01:E6:ED:38:C0:07:C2:99:DF:5E:59:E6:D9:7C:68:CF:BB:07:2F:A0:69:18:49:4F:AC:A7:9E:23:73:C9

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

fitmass.ca *.fitmass.ca *.matomo.fitmass.ca *.mx.fitmass.ca *.storage.fitmass.ca *.webdisk.fitmass.ca *.ww1.fitmass.ca *.ww11.fitmass.ca

Other domains in certificate

alkhafayef.com *.alkhafayef.com *.communicator-sscollege-ac-in.alkhafayef.com *.namawaz.alkhafayef.com *.www.alkhafayef.com

associazionefirdaus.com *.associazionefirdaus.com

*.argo.cooperative.bio *.bk.cooperative.bio *.blog.cooperative.bio cooperative.bio *.cooperative.bio *.mx.cooperative.bio *.qa.cooperative.bio *.sitemaps.cooperative.bio *.www.cooperative.bio

editions-alphee.com *.editions-alphee.com

*.acceso.exceptionalhomehealth.com *.cloud.exceptionalhomehealth.com exceptionalhomehealth.com *.exceptionalhomehealth.com *.gateway.exceptionalhomehealth.com *.rdweb.exceptionalhomehealth.com *.smtp.exceptionalhomehealth.com *.ts.exceptionalhomehealth.com

*.1100lu.jsxtyunjs.cn *.8to03kp7d3ox89x6.jsxtyunjs.cn *.accounts.jsxtyunjs.cn *.ada.jsxtyunjs.cn *.advantage.jsxtyunjs.cn *.baike.jsxtyunjs.cn *.blog.jsxtyunjs.cn *.calendar.jsxtyunjs.cn *.cdn4.jsxtyunjs.cn *.euoon03su.jsxtyunjs.cn *.h7.jsxtyunjs.cn jsxtyunjs.cn *.jsxtyunjs.cn *.szaal6.jsxtyunjs.cn *.xh7.jsxtyunjs.cn

*.6tuk9k.kaleawakan.com kaleawakan.com *.kaleawakan.com

kotikvmaske.com *.kotikvmaske.com *.mta-sts.kotikvmaske.com *.www.kotikvmaske.com

likecommentshare.it *.likecommentshare.it *.owa.likecommentshare.it *.remote.likecommentshare.it

*.autoconfig.linjun.com *.client.linjun.com *.comune.linjun.com linjun.com *.linjun.com *.ns2.linjun.com *.remote.linjun.com *.smtpseguro.linjun.com *.ssl.linjun.com *.ww1.linjun.com

monologues.ai *.monologues.ai *.www.monologues.ai

*.9sj4d.neo108luck.club neo108luck.club *.neo108luck.club *.w9sj4d.neo108luck.club

*.crm.wxtrac.com *.lime.wxtrac.com wxtrac.com *.wxtrac.com

*.backend.zapto.it *.betepa.zapto.it *.hostmaster.zapto.it *.lemoto.zapto.it *.nbcnews.zapto.it *.week2profit7.zapto.it zapto.it *.zapto.it