Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=bashas.co
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
May 22, 2026
Valid Until
August 20, 2026
65 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
9A:88:49:F7:81:B5:F1:FD:2B:28:B8:53:20:7C:D5:7C:09:53:58:FA:BB:53:11:E6:30:F4:C1:D8:CD:A0:AA:3F
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
89 domains
everytheme.com
*.everytheme.com
*.m.everytheme.com
*.remote.everytheme.com
*.trmplet.everytheme.com
*.vpn.everytheme.com
*.www.everytheme.com
bashas.co
*.bashas.co
*.bbs.bashas.co
*.cabinet.bashas.co
*.crm.bashas.co
*.elearning.bashas.co
*.ent.bashas.co
*.forum.bashas.co
*.mail.bashas.co
*.mail02.bashas.co
*.mailin.bashas.co
*.new.bashas.co
*.nxpmyportaportal.bashas.co
*.old.bashas.co
*.portal.bashas.co
*.post.bashas.co
*.pty.bashas.co
*.shop.bashas.co
*.sniper.bashas.co
*.ww38.bashas.co
*.apps.epsenfuller.com
*.asp.epsenfuller.com
*.azure2.epsenfuller.com
*.blog.epsenfuller.com
*.client.epsenfuller.com
*.clientvpn.epsenfuller.com
*.cloud1.epsenfuller.com
*.cloudapp.epsenfuller.com
*.cloudvpn.epsenfuller.com
*.comblog.epsenfuller.com
*.correo.epsenfuller.com
*.ctx.epsenfuller.com
*.dev.epsenfuller.com
*.email.epsenfuller.com
epsenfuller.com
*.epsenfuller.com
*.forms.epsenfuller.com
*.gate.epsenfuller.com
*.giyebcht.epsenfuller.com
*.heip.epsenfuller.com
*.jnehxsug.epsenfuller.com
*.jobs.epsenfuller.com
*.kvqszinfo.epsenfuller.com
*.m.epsenfuller.com
*.mail.epsenfuller.com
*.mail2.epsenfuller.com
*.microsoft.epsenfuller.com
*.mobileconnect.epsenfuller.com
*.mta.epsenfuller.com
*.mymail.epsenfuller.com
*.netadmin.epsenfuller.com
*.news.epsenfuller.com
*.notexistsexchange.epsenfuller.com
*.notexistsmsoid.epsenfuller.com
*.notexistsw3ww.epsenfuller.com
*.oamygprivate.epsenfuller.com
*.office.epsenfuller.com
*.one.epsenfuller.com
*.pop.epsenfuller.com
*.pportunities.epsenfuller.com
*.qgbxdmails.epsenfuller.com
*.ra.epsenfuller.com
*.rds1.epsenfuller.com
*.share.epsenfuller.com
*.ssl3.epsenfuller.com
*.stage.epsenfuller.com
*.static.epsenfuller.com
*.superset.epsenfuller.com
*.terminal.epsenfuller.com
*.virtualapps.epsenfuller.com
*.vpn-gate-1-pri.epsenfuller.com
*.vpn2.epsenfuller.com
*.vpntoronto.epsenfuller.com
*.w3ww.epsenfuller.com
*.webconnect.epsenfuller.com
*.webgw.epsenfuller.com
*.webmail2.epsenfuller.com
*.webvpn.epsenfuller.com
*.wp.epsenfuller.com
*.www.epsenfuller.com
mybradfordauto.com
*.mybradfordauto.com
Other domains in certificate