SSL Certificate Analysis for it.groze.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=gardeninggreenthumb.xyz

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 20, 2026

Valid Until

May 21, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F7:51:80:E4:07:9D:C8:F6:A7:13:AD:43:8A:81:23:04:7B:1D:E0:66:2B:F5:81:AE:AB:3E:9A:1E:29:B9:78:D9

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

groze.com *.groze.com *.dev.groze.com *.development.groze.com *.files.groze.com *.hostmaster.groze.com *.it.groze.com *.news.groze.com *.random.groze.com *.search.groze.com *.sms.groze.com *.static.groze.com *.ww25.groze.com

Other domains in certificate

924yhj301.top *.924yhj301.top *.d75121b6a0b97c5bf78b80efdf84957c.924yhj301.top

adultporno.it *.adultporno.it *.remote.adultporno.it *.smtp.adultporno.it

campaigncollective.com.au *.campaigncollective.com.au *.random.campaigncollective.com.au

dikan.store *.dikan.store *.ww25.dikan.store

employees.life *.employees.life

*.admin.findacar.it *.api.findacar.it *.backend.findacar.it findacar.it *.findacar.it *.metric.findacar.it *.production.findacar.it *.reports.findacar.it

fox5.com *.fox5.com *.host.fox5.com

*.civoh.gardeninggreenthumb.xyz gardeninggreenthumb.xyz *.gardeninggreenthumb.xyz *.kwid9.gardeninggreenthumb.xyz

imyyds.com *.imyyds.com

*.api.polyfest.com *.asb.polyfest.com *.demo.polyfest.com *.dev.polyfest.com *.forum.polyfest.com *.forums.polyfest.com *.help.polyfest.com *.hostmaster.polyfest.com *.mail.polyfest.com polyfest.com *.polyfest.com *.test.polyfest.com *.ww1.polyfest.com *.ww16.polyfest.com *.ww17.polyfest.com *.ww25.polyfest.com *.ww38.polyfest.com

*.hostmaster.purch.co purch.co *.purch.co *.random.purch.co *.xxsxdyb.purch.co

*.dev.realhouse.it *.imap.realhouse.it *.mail.realhouse.it *.mx.realhouse.it realhouse.it *.realhouse.it

remasterededition.com *.remasterededition.com *.wildcard.remasterededition.com

*.admin.taxmed.ch *.agent.taxmed.ch *.analytics-preview.taxmed.ch *.client.taxmed.ch *.customer.taxmed.ch *.dashboard.taxmed.ch *.mobile.taxmed.ch *.qa.taxmed.ch *.staging.taxmed.ch taxmed.ch *.taxmed.ch *.wap.taxmed.ch