SSL Certificate Analysis for m.oda.cm - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=ajm789.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 14, 2026

Valid Until

August 12, 2026 57 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

3B:9F:FC:4F:41:AE:D0:28:C8:7A:3D:63:67:AC:69:A8:40:30:D4:6D:51:90:3D:1E:0F:2B:97:1D:EC:19:D1:AE

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

oda.cm *.oda.cm *.ajtu.oda.cm *.auth.oda.cm *.ccuca.oda.cm *.dan.oda.cm *.exchange.oda.cm *.m.oda.cm *.mail1.oda.cm *.mailer.oda.cm *.mailgw.oda.cm *.ns2.oda.cm *.secure.oda.cm *.smtp2.oda.cm *.supers.oda.cm *.wildcard.oda.cm

Other domains in certificate

ajm789.com *.ajm789.com *.ww25.ajm789.com *.ww38.ajm789.com *.www.ajm789.com

azasrs.org *.azasrs.org *.random.azasrs.org

*.cloud.debruno.it debruno.it *.debruno.it *.desktop.debruno.it *.rd.debruno.it *.webpioniere.debruno.it

dirtdr.com *.dirtdr.com

gidda.com *.gidda.com

hanimel.tv *.hanimel.tv *.ww16.hanimel.tv

impactppe.com *.impactppe.com *.ww25.impactppe.com

indianapolislife.com *.indianapolislife.com *.mail.indianapolislife.com *.msg.indianapolislife.com *.ww17.indianapolislife.com

inkotinenz.de *.inkotinenz.de

josamycin.de *.josamycin.de

nationalgardenclub.org *.nationalgardenclub.org

*.admin.pwk.us *.app.pwk.us *.assets.pwk.us *.axwbdrds.pwk.us *.com-ayu.pwk.us *.dev.pwk.us *.m.pwk.us *.notexistsservicesreview.pwk.us pwk.us *.pwk.us *.remote.pwk.us *.servicesreview.pwk.us *.vpn.pwk.us *.www.pwk.us

*.random.saturdayclub.au saturdayclub.au *.saturdayclub.au *.ww25.saturdayclub.au *.ww38.saturdayclub.au

*.random.tdamerittade.com *.staging.tdamerittade.com tdamerittade.com *.tdamerittade.com *.ww38.tdamerittade.com

tokopetir.click *.tokopetir.click *.ww38.tokopetir.click

*.blueprint.universityofceos.co universityofceos.co *.universityofceos.co *.ww38.universityofceos.co

*.ww25.zoon.au *.ww38.zoon.au zoon.au *.zoon.au *.zoon.zoon.au

*.ww25.zoznsm.sk zoznsm.sk *.zoznsm.sk