SSL Certificate Analysis for gradinata.it - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=gianma.it

Issuer

C=US, O=Let's Encrypt, CN=YR1

Valid From

June 02, 2026

Valid Until

August 31, 2026 83 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E3:59:2A:CE:D8:8A:9D:6A:6B:ED:23:D8:17:A4:E2:10:3B:A2:11:C0:89:9D:FD:B3:A5:CC:56:9B:F5:81:56:32

Alternative Names

84 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

84 domains

gradinata.it *.gradinata.it

Other domains in certificate

*.admin.aflamk.com aflamk.com *.aflamk.com *.api.aflamk.com *.dev.aflamk.com *.ead.aflamk.com *.hostmaster.aflamk.com *.m.aflamk.com *.member.aflamk.com *.mx20.aflamk.com *.relay1.aflamk.com *.sitemap.aflamk.com *.sitemaps.aflamk.com *.staging.aflamk.com *.test.aflamk.com *.ww1.aflamk.com *.ww11.aflamk.com *.ww16.aflamk.com *.ww17.aflamk.com *.ww38.aflamk.com *.ww45.aflamk.com *.ww5.aflamk.com *.zzbqoflq65.aflamk.com

ce-dassault-merignac.com *.ce-dassault-merignac.com *.gestion.ce-dassault-merignac.com

cl-sextoupg.bet *.cl-sextoupg.bet *.ww38.cl-sextoupg.bet

death.bet *.death.bet *.ww25.death.bet

gianma.it *.gianma.it

greenhomes.it *.greenhomes.it

ilkadimgranfondo.com *.ilkadimgranfondo.com *.ww25.ilkadimgranfondo.com *.ww38.ilkadimgranfondo.com

interquiz.live *.interquiz.live

loftstar.co.uk *.loftstar.co.uk

longhung.com *.longhung.com *.owa.longhung.com *.www3.longhung.com

*.blog.manual-removal.com manual-removal.com *.manual-removal.com *.old.manual-removal.com

onlypr.co.uk *.onlypr.co.uk

sexsubs.me *.sexsubs.me

*.info.silveryol.com silveryol.com *.silveryol.com

southsoundmotorsports.net *.southsoundmotorsports.net

*.members.state-fillings.com state-fillings.com *.state-fillings.com *.ww25.state-fillings.com

*.demo.temperaturecontrols.it *.reports.temperaturecontrols.it *.stats.temperaturecontrols.it temperaturecontrols.it *.temperaturecontrols.it

*.api.tropicalresort.it *.hostmaster.tropicalresort.it *.staging.tropicalresort.it tropicalresort.it *.tropicalresort.it *.www.tropicalresort.it

vront.co *.vront.co

wctrondheim.org *.wctrondheim.org

zika.bet *.zika.bet