Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=bemelman.com
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
February 01, 2026
Valid Until
May 02, 2026
67 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
17:69:28:5E:FF:1B:41:31:16:B4:01:69:5A:C7:2B:B3:C2:6A:CD:97:96:8A:5D:A7:DA:FC:A0:4B:1D:2C:1C:68
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
bemelman.com
*.bemelman.com
*.random.bemelman.com
conje.com
*.conje.com
*.secure.conje.com
cotidiano.com
*.cotidiano.com
*.hostmaster.cotidiano.com
*.correo.dawit.com
dawit.com
*.dawit.com
*.office.dawit.com
*.shop.dawit.com
*.sitemap.dawit.com
*.ww17.dawit.com
*.ww25.dawit.com
dovizaltin.com
*.dovizaltin.com
*.formation.dovizaltin.com
*.autoconfig.gemenii.com
*.cloudvpn.gemenii.com
gemenii.com
*.gemenii.com
juniorrangers.com.au
*.juniorrangers.com.au
*.pvdiscovery.juniorrangers.com.au
*.kwy3z5jual.lavo.live
lavo.live
*.lavo.live
*.ebonny.mzantsi.com
mzantsi.com
*.mzantsi.com
*.v1.mzantsi.com
*.web.mzantsi.com
*.ww38.mzantsi.com
*.access.pancakeclub.com
*.cpcalendars.pancakeclub.com
*.mobile.pancakeclub.com
pancakeclub.com
*.pancakeclub.com
*.ssl.pancakeclub.com
*.help.psicologosorganizacionales.com
psicologosorganizacionales.com
*.psicologosorganizacionales.com
*.nhujnyct.qianjin2.top
qianjin2.top
*.qianjin2.top
*.vh.qianjin2.top
*.xn--0cov-sc0im2al19z.qianjin2.top
*.xn--2jrh-nu4gs65ef9ap4d8x1cpf5c1rza.qianjin2.top
*.xn--4hta849m4fa.qianjin2.top
*.xn--5536dvgffd-5o0tz00s.qianjin2.top
*.xn--7pqdai-1f7kt54b.qianjin2.top
*.xn--8849dvgffd-5o0tz00s.qianjin2.top
*.xn--8858ad-nz1l794l.qianjin2.top
*.xn--8l-9d1dr86l.qianjin2.top
*.xn--cexsmpx-u68lt0mz3tia289qbe4b.qianjin2.top
*.xn--cvvppqy-vq9k.qianjin2.top
*.xn--d-im3b155d.qianjin2.top
*.xn--d5-492dz80f.qianjin2.top
*.xn--deh3-cs1ij90a.qianjin2.top
*.xn--e9xujwbp-fh1nm2w2m8f4eizw9h20a72i.qianjin2.top
*.xn--gr-6e7du9we3lczgv68c.qianjin2.top
*.xn--id-492d080f.qianjin2.top
*.xn--ijqzu-fv5hz15ap3p22mm5qho0eb1ya.qianjin2.top
*.xn--iq9kh-1r8ik8es9ftya.qianjin2.top
*.xn--klcst-yt2kh39o.qianjin2.top
*.xn--kp8zk8-pl2mu82k4e7cda.qianjin2.top
*.xn--oljosip7bq-nr5s051g54uja2398d09o.qianjin2.top
*.xn--p3qvbwfy-ri7m425o.qianjin2.top
*.xn--pcify-iv5hp0a395b.qianjin2.top
*.xn--r-sd0cs5ptl6a.qianjin2.top
*.xn--r3f-qo3fh89f.qianjin2.top
*.xn--sc-kk5cl47atqbb82eyou6kd.qianjin2.top
*.xn--t7neugxba-uj6q883r1ba478d.qianjin2.top
*.xn--tz3-n43ev42b0qdlvfnw5kba.qianjin2.top
*.xn--wzrt7kr-ri7u75v.qianjin2.top
*.xn--ybb-kn1f732w.qianjin2.top
*.xn--zwchz-zk6hw50t.qianjin2.top
shennon.com
*.shennon.com
*.ww16.shennon.com
*.dev.vimol.com
vimol.com
*.vimol.com
*.ww25.vimol.com
*.krlvxcloud.wantnames.com
wantnames.com
*.wantnames.com
Other domains in certificate