SSL Certificate Analysis for lxdesign.no - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=mta-sts.pmm.life

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

October 30, 2025

Valid Until

January 28, 2026 67 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

65:1B:20:FB:03:5F:E5:A4:28:BD:7C:B0:F5:5B:38:4A:C9:FD:4A:6D:FB:4A:F6:10:67:8D:F6:18:A3:FB:62:67

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

lxdesign.no

Other domains in certificate

365-promotion.com

bolipuertos.dev.backoffice.3dlinkweb.com

www.accordle.uk

advantageaquatics.com.au

go.aericast.com

agex2a.com

amarusustentabilidade.com.br

cliente.americajeans.com.br

auth.qa.appointmentscanner.com

moyaapp.ascentic.se

www.atarenites.com

display.barkhub.run

www.basketlotto.com

bemoretrainingstudio.com

www.benvsoft.com

backoffice.betfight.net

bilchuk.ru

seiya-ozaki.bridgefans.jp

www.bsidesdresden.com

www.caching.no

cafe-maull.de

www.caragudigital.com

empresas.carbee.top

www.carolines2fillipe.com.br

auth.checklist.pro

www.chopinthroughthewindow.com

clubqvt.com

www.fintech1.co.kr www.maxmini.co.kr

jd.codelin.vip tech.codelin.vip

www.exabyte.com.ng

editor.gaousik.com.np

yunlin.onestudy-dev.oneclass.com.tw

criarifa.com

www.daask.co.za

arbab-cafe.datacodeapp.com

auth.downsouthweddings.com.au

ednevnik.edop.edu.rs

eldritch.systems

empresasvican.cl

www.eqperfect.com

app.eserdem.com

fengyj.cn

download.fitpuli.com

forever-will.com

formage.com.br

www.fullhazak.hu

getballr.app

www.gorigeshacoffee.com

growthsenseadvisors.com

www.hackerbayventures.com

www.planning.oudzuid.heenenweervervoer.nl

www.hovercats.gg

www.hvaskjerimidtregauldal.no

call-diversion.hypnotize.nz

ibsyn-scientific.com

link.infolink.website

qualification-widgets.input4you.be

janjaap.com

components.jopit.com.ar

julianooi.com

keremetlabs.com

projekt.korakademin.se

app.libra.diet

comercioaraujoemartins.lupi.delivery houseburger.lupi.delivery

bonjour.lurifax.se

lyfebegins.com

valsignelsen.madibanja.com

www.marcogonzalez.cl

www.maryonolaw.com

masteronepiece.com

pedidos.mueblesdorma.com

administrador.navio.com.mx

fieldbrasil.org.br

www.phdpatologia.com.br

app.pixis.ai

mta-sts.pmm.life

www.privateoffshore.info

minicrs.proenerg.ro

www.namibia.quickcheck.co.za

fb.osm.rtb-dev.de

m-staging.sachurchhub.com

saunacamp.net

seville.scouthub.app

converter.stybbers.se

theclubqueenstown.co.nz

connect.timeless.investments

app.traintensity.com

upnext.at

tjpe.vagalumewifi.com.br

share.videoxhub.top

viktoria.family

webmail.alpha.weezer.fr

sender.wired-shop.com