SSL Certificate Analysis for hotelhortensia.it - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=markoonyskiv.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

October 07, 2025

Valid Until

January 05, 2026 54 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

A2:02:43:F8:D8:C6:4A:03:EB:22:74:49:C4:A6:E8:97:54:32:3C:5D:4A:CC:00:65:12:C9:F7:A2:51:E0:E4:41

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

hotelhortensia.it

Other domains in certificate

www.1337it.dk

docs.evsite.advanced-infrastructure.co.uk

www.allgoodwaves.org

staging.appdashboard.nl

atelianso.pw

app.axcode.dev

portal.stg.eckard.bitstudios.dev

book.brmodels.love

bytesprout.in

cathadon.com

checkbillbyjsor.com

app.cinecameo.be

www.cipomo.it

acc.collabsoft.net

comptametrics.com

share-trivialis.cubel-apps.es

portal.develop.doc.cr

www.dodobiagi.com.br

www.donneargent.fr

draperfc.com

splitwise.eeshanya.dev

student-ca.examind.io

arcos.farrasnorte.com

test.frodoe.com

app.fulcheranalytics.io

fullscale.app

www.gostartdriving.com

fi.grace.church

hatefi.pw

heroicgameslauncher.com

thecorner.impactwrap.com

degree-8.app.infi.us

www.infinitydevices.co

infoelan.com

apk.inteliped.online

www.jet-gen.com

animation-playground.jideguru.dev

guestbook.jodiesfund.org

kiwi-sdk-sandbox.joinsherpa.io

www.jupiterdocs.com

pr.mikata-of-skin.kaniyonika.com

knowmytax.in

jplaylist.kro.kr

leebyoungjae.com

www.luisgonzalez.me

order.lumbung.app

www.mach-das-leben-an.com

markhavas.me

markoonyskiv.com

www.milanbista.com

x2-test.millennium.games

minepkg.io

www.mmorpg.zone

momentory.app

bash.my.id

sistema.neoconecta.com

angular-tutorials.nibunan.in

kochbuch.nijo.dev

www.onefactura.com

onlyone.fans

orgenesis.com

dash.pointapp.org

app.posbrokers.com

www.psgelectricals.com

wall.qwan.eu

rafaelvs.me

ceim.recursyve.dev

www.reffsmartrealty.com

www.marketplace.revolgy.com

www.ronlobo.com

directory.sadhrasya.in

theneuronclinic-admin.sevaro.com

shorted.in

sildenafilrecept.se

admin.smartfixcare.com

api.sprel.io

eventbuddy.squadops.gg

www.ssg-itec.us

staging.2100.co

pedidos.sushiexpresspanama.com

tamasapp.com

dl.termle.com

thebrains.fund

thehippocraticoathofsoftwareengineering.com

thepresidents.in

tinance.in

poiju.tinksi.fi

tkn.cool

pickem-admin.tournament.gg

ww2.tripurainfra.com

bhsapp.vibrantlab.com

onourterms.vidyagiri.com

demo.vinettaproject.com

ms.vinodjoshi.in

wcc.earth

wikieducationco.com

willmack.io

holiday.yy.my

zahr.io