SSL Certificate Analysis for hfx168.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=northropgumman.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 21, 2026

Valid Until

August 19, 2026 75 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

96:97:17:D4:DF:89:FA:E0:B4:5E:F8:D5:B9:20:67:44:48:E6:6D:2F:CD:43:6E:6C:13:F2:47:B0:80:AA:71:51

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

hfx168.com *.hfx168.com *.chengyu.hfx168.com *.chuanshi.hfx168.com *.fazhan.hfx168.com *.huabu.hfx168.com *.huace.hfx168.com *.huoshan.hfx168.com *.leidian.hfx168.com *.minjian.hfx168.com *.pingju.hfx168.com *.sanshen.hfx168.com *.shanzhi.hfx168.com *.wanshan.hfx168.com *.xiangxiang.hfx168.com *.xisu.hfx168.com *.yemu.hfx168.com *.yinyu.hfx168.com

Other domains in certificate

1tamilmv.pro *.1tamilmv.pro *.ww16.1tamilmv.pro *.ww25.1tamilmv.pro

*.admin.fetchasquadschannel.com *.api.fetchasquadschannel.com *.assets.fetchasquadschannel.com *.demo.fetchasquadschannel.com *.dev.fetchasquadschannel.com *.dns.fetchasquadschannel.com fetchasquadschannel.com *.fetchasquadschannel.com *.homologacao.fetchasquadschannel.com *.karriere.fetchasquadschannel.com *.staging.fetchasquadschannel.com

fieradelturismo.it *.fieradelturismo.it

*.admin.ginidesign.info *.app.ginidesign.info *.demo.ginidesign.info ginidesign.info *.ginidesign.info *.staging.ginidesign.info *.uat.ginidesign.info

krasmetro.media *.krasmetro.media *.projects.krasmetro.media

mail2u.com *.mail2u.com *.www.mail2u.com

*.discover.mimail.com *.iot.mimail.com *.mail.mimail.com *.marcioa.mimail.com mimail.com *.mimail.com *.noes.mimail.com *.sec.mimail.com *.smartscreen.mimail.com *.usmc.mimail.com *.ww16.mimail.com *.ww25.mimail.com

*.careers.northropgumman.com *.com.northropgumman.com northropgumman.com *.northropgumman.com *.totalrewards.northropgumman.com *.ww25.northropgumman.com *.ww38.northropgumman.com

sevymarieart.com *.sevymarieart.com *.ww25.sevymarieart.com

sleepwalking.com.au *.sleepwalking.com.au *.ww25.sleepwalking.com.au

*.aerno.tnm.au *.antrak.tnm.au *.australianmusclecarsales.tnm.au *.barnes.tnm.au *.bowls.tnm.au *.bupa.tnm.au *.eolflink.tnm.au *.imaginationlibrarybendieo.tnm.au *.iobreadyrto.tnm.au *.lynwardparkstud.tnm.au *.mysportsedee.tnm.au *.pooleywines.tnm.au *.quickcliq.tnm.au *.rexminerals.tnm.au tnm.au *.tnm.au *.ww25.tnm.au