SSL Certificate Analysis for jps.life - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=rosicrucianomorder.org

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 12, 2026

Valid Until

April 12, 2026 59 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

0C:CE:6E:86:EE:EE:BF:0C:05:11:91:4D:93:C5:C9:38:D5:A9:5A:DD:AF:BA:20:94:91:BA:4F:54:9F:83:31:51

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

jps.life *.jps.life

Other domains in certificate

amazobka.biz *.amazobka.biz

asas.digital *.asas.digital

badarinathherbalproducts.com *.badarinathherbalproducts.com *.ww25.badarinathherbalproducts.com

divxup.com *.divxup.com *.www.divxup.com

emx.digital *.emx.digital

ervices.co.uk *.ervices.co.uk

forgital.group *.forgital.group

fprintportalap.online *.fprintportalap.online

imgrei.online *.imgrei.online

info-service-amazon.fr *.info-service-amazon.fr

*.365blog.jeremythompson.us jeremythompson.us *.jeremythompson.us

*.cpcontacts.macc.com.au macc.com.au *.macc.com.au

mainhis.com *.mainhis.com

meinecontinentale.de *.meinecontinentale.de

mupzheo.ru *.mupzheo.ru

*.arc.network.pictures network.pictures *.network.pictures *.ww25.network.pictures

payzhome.com *.payzhome.com

*.gateway.pinata.io pinata.io *.pinata.io *.report.pinata.io *.ww25.pinata.io *.www.pinata.io

*.art.qcom.online *.home.qcom.online *.mailhost.qcom.online *.mailsrv.qcom.online *.ms.qcom.online *.out.qcom.online *.posta.qcom.online qcom.online *.qcom.online *.smtpauth.qcom.online *.vip.qcom.online *.www.qcom.online

rosicrucianomorder.org *.rosicrucianomorder.org

*.2015www.scopefall.com scopefall.com *.scopefall.com *.ww16.scopefall.com *.ww25.scopefall.com *.ww38.scopefall.com

shwetatarot.com *.shwetatarot.com *.ww25.shwetatarot.com

third-place.fr *.third-place.fr

*.batch.vcloud.bio *.db.vcloud.bio *.manager.vcloud.bio *.primary.vcloud.bio *.reporting.vcloud.bio vcloud.bio *.vcloud.bio *.viz.vcloud.bio

wowhaujy.com *.wowhaujy.com

ww-elster.de *.ww-elster.de

zoom4display.com *.zoom4display.com

*.ww25.zuka.store zuka.store *.zuka.store