SSL Certificate Analysis for mail.amos8.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=53233.work

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 26, 2026

Valid Until

August 24, 2026 75 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

71:87:03:F5:2E:53:EA:B1:A6:5C:DC:6F:A1:B9:7D:1D:B0:45:3A:CB:D6:A2:C4:6A:AE:33:40:01:84:6A:F1:E1

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

amos8.com *.amos8.com

Other domains in certificate

53233.work *.53233.work

56121.my *.56121.my

63698.blog *.63698.blog

7mryg.pro *.7mryg.pro

87976.lgbt *.87976.lgbt

905886.pro *.905886.pro

97119.blog *.97119.blog

ahsjcj.vip *.ahsjcj.vip

an99.blog *.an99.blog

an99.casa *.an99.casa

an99.date *.an99.date

an99.foundation *.an99.foundation

an99.hiphop *.an99.hiphop

an99.love *.an99.love

an99.now *.an99.now

an99.rodeo *.an99.rodeo

clarityfitnessedge.run *.clarityfitnessedge.run

cryptoonchain-web3.info *.cryptoonchain-web3.info

crystalclearjourneys.live *.crystalclearjourneys.live

dependablediyresource.live *.dependablediyresource.live

devicehomepro.com *.devicehomepro.com

dge12.sbs *.dge12.sbs

dybjt1296.com *.dybjt1296.com

dynamictravelpaths.live *.dynamictravelpaths.live

elitesterlingasset.com *.elitesterlingasset.com

employeeport.com *.employeeport.com

eyfvnxd822.com *.eyfvnxd822.com

fitnessadeptpro.run *.fitnessadeptpro.run

fitnessadvancepro.run *.fitnessadvancepro.run

fitnessalignment.run *.fitnessalignment.run

fitnessbaseline.run *.fitnessbaseline.run

fitnessconnectpro.run *.fitnessconnectpro.run

fitnessdependable.run *.fitnessdependable.run

fitnessdriveforward.run *.fitnessdriveforward.run

fitnesselitezone.run *.fitnesselitezone.run

fitnessevergreen.run *.fitnessevergreen.run

fitnessfinesse.run *.fitnessfinesse.run

fitnessforemost.run *.fitnessforemost.run

fitnessgoldstandard.run *.fitnessgoldstandard.run

fitnessgrowthedge.run *.fitnessgrowthedge.run

fitnessguidanceway.run *.fitnessguidanceway.run

fitnessguidingpro.run *.fitnessguidingpro.run

fitnessintrust.run *.fitnessintrust.run

fitnessmomentumpro.run *.fitnessmomentumpro.run