SSL Certificate Analysis for lamalou.com - Security Grade & TLS Configuration

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=firstphysioid.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 01, 2026

Valid Until

May 02, 2026 76 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F9:9C:E7:7F:17:A2:BA:20:07:2C:6E:CF:3D:A8:F0:6A:D4:11:7F:14:EA:37:3D:21:8A:C7:3E:D6:19:D0:EF:14

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

lamalou.com *.lamalou.com *.remoteapp.lamalou.com *.secure.lamalou.com *.ssl2.lamalou.com

Other domains in certificate

3700.network *.3700.network *.mgmt.3700.network *.proj1-test.3700.network *.proj1.3700.network *.proj5.3700.network

*.corp.earthink.com earthink.com *.earthink.com *.www.earthink.com

firstphysioid.com *.firstphysioid.com

fowlerfortulsa.com *.fowlerfortulsa.com

*.asa.haljones.com *.gateway.haljones.com haljones.com *.haljones.com *.remote.haljones.com *.saga.haljones.com *.ssl.haljones.com *.test2.haljones.com

ladyclub.org *.ladyclub.org *.random.ladyclub.org *.ww38.ladyclub.org

*.25.nijione.site *.flw.nijione.site nijione.site *.nijione.site *.random.nijione.site *.webmail.nijione.site

observatorioseguranca.org *.observatorioseguranca.org *.ww38.observatorioseguranca.org

powertutor.org *.powertutor.org *.ww38.powertutor.org

*.random.rubyspaoceanside.com rubyspaoceanside.com *.rubyspaoceanside.com *.ww38.rubyspaoceanside.com

*.mail2.sausewind-shop.de sausewind-shop.de *.sausewind-shop.de

*.api.semperfi.cc semperfi.cc *.semperfi.cc

*.fb.setinstones.com *.fun.setinstones.com *.hostmaster.setinstones.com *.sandbox.setinstones.com setinstones.com *.setinstones.com *.store.setinstones.com *.test.setinstones.com *.users.setinstones.com *.webmail.setinstones.com *.whois.setinstones.com *.ww.setinstones.com *.ww16.setinstones.com *.ww25.setinstones.com *.ww38.setinstones.com

*.forum.snowwolf.ca *.mx.snowwolf.ca snowwolf.ca *.snowwolf.ca

tapasolidariamadrid.org *.tapasolidariamadrid.org *.ww38.tapasolidariamadrid.org

*.beta.wapweb.com *.ffffffffffff.wapweb.com *.kazan.wapweb.com *.ns1.wapweb.com *.pt.wapweb.com *.qa.wapweb.com *.service.wapweb.com *.speedtest.wapweb.com wapweb.com *.wapweb.com *.webdesign.wapweb.com *.wi.wapweb.com *.ww17.wapweb.com *.ww38.wapweb.com *.www.wapweb.com