SSL Certificate Analysis for ftp.pndora.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=decaluwe-sprl.be

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 10, 2026

Valid Until

May 11, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

89:9E:E4:A9:0A:D3:92:F1:6A:9B:98:56:A4:1E:19:F7:D6:82:7D:15:9C:BF:BC:70:81:0F:D1:5C:0C:93:4B:FD

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

pndora.com *.pndora.com *.asa.pndora.com *.autodiscover.pndora.com *.ciscoasa.pndora.com *.connect.pndora.com *.exchange.pndora.com *.firewall.pndora.com *.fortigate.pndora.com *.fortinet.pndora.com *.ftp.pndora.com *.gate.pndora.com *.remote.pndora.com *.sitemap.pndora.com *.smtp.pndora.com *.sslvpn.pndora.com *.webdisk.pndora.com *.wiki.pndora.com *.ww1.pndora.com *.ww25.pndora.com *.ww38.pndora.com

Other domains in certificate

decaluwe-sprl.be *.decaluwe-sprl.be

*.0928e494-f45f-45fa-b404-8beb82c88c95.envirosafe.net *.14b7a551-0a12-465a-81d4-7eaed55a3fcc.envirosafe.net *.admin.envirosafe.net *.api.envirosafe.net *.assets.envirosafe.net *.bkrkdnueelremoteaccess.envirosafe.net *.client.envirosafe.net *.cmvranueelremoteaccess.envirosafe.net *.connectvpn.envirosafe.net envirosafe.net *.envirosafe.net *.lezblremote.envirosafe.net *.m.envirosafe.net *.mail.envirosafe.net *.office.envirosafe.net *.portal.envirosafe.net *.rdp.envirosafe.net *.rds1.envirosafe.net *.rdweb.envirosafe.net *.remote.envirosafe.net *.remoteaccess.envirosafe.net *.ssl.envirosafe.net *.sslvpn.envirosafe.net *.staging.envirosafe.net *.test.envirosafe.net *.ts.envirosafe.net *.vpn1.envirosafe.net *.vpn2.envirosafe.net *.web.envirosafe.net *.webconnect.envirosafe.net *.webmail.envirosafe.net *.wildcard.envirosafe.net

*.adblock.usahaprediksi188-nyala.sbs *.agh.usahaprediksi188-nyala.sbs *.demo.usahaprediksi188-nyala.sbs *.dns.usahaprediksi188-nyala.sbs *.m.usahaprediksi188-nyala.sbs *.ns.usahaprediksi188-nyala.sbs *.resolver1.usahaprediksi188-nyala.sbs *.store.usahaprediksi188-nyala.sbs *.test.usahaprediksi188-nyala.sbs usahaprediksi188-nyala.sbs *.usahaprediksi188-nyala.sbs *.www.usahaprediksi188-nyala.sbs