SSL Certificate Analysis for mail.craca.it - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=starshotapparel.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 12, 2026

Valid Until

August 10, 2026 85 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

39:57:38:6C:8D:97:38:4F:20:15:37:33:26:3E:D6:62:48:37:B8:39:1B:DE:1E:28:16:4D:0C:06:07:4D:4F:D0

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

craca.it *.craca.it *.apl.craca.it *.astelmail.craca.it *.clientesvpn.craca.it *.hostmaster.craca.it *.mail.craca.it *.mx.craca.it *.nvdi.craca.it *.pvc.craca.it *.status.craca.it *.vpnma.craca.it *.xapp.craca.it

Other domains in certificate

analystestimate.com *.analystestimate.com *.dan.analystestimate.com *.hostmaster.analystestimate.com *.ww25.analystestimate.com

bmed.net *.bmed.net *.g.bmed.net *.hostmaster.bmed.net *.int.bmed.net *.s.bmed.net *.staging.bmed.net *.wildcard.bmed.net *.ww25.bmed.net

buscdn.cfd *.buscdn.cfd *.ww17.buscdn.cfd *.ww2.buscdn.cfd *.ww38.buscdn.cfd *.ww5.buscdn.cfd *.www.buscdn.cfd *.wwwww.buscdn.cfd *.wwwwww.buscdn.cfd

*.app.colesteroloalto.com *.argo.colesteroloalto.com colesteroloalto.com *.colesteroloalto.com *.dashboard.colesteroloalto.com *.metrics.colesteroloalto.com

*.cdn.contentstock.com contentstock.com *.contentstock.com *.ww16.contentstock.com *.ww25.contentstock.com

*.cloud.defeatingarthritis.com defeatingarthritis.com *.defeatingarthritis.com *.rds.defeatingarthritis.com *.sitemap.defeatingarthritis.com

*.fmbvpf.healing-journey.info healing-journey.info *.healing-journey.info

*.cpanel.jidlo.pro jidlo.pro *.jidlo.pro

low-testosterone-houston.com *.low-testosterone-houston.com *.ykzqsj.low-testosterone-houston.com

*.loto.majorbet.live majorbet.live *.majorbet.live

*.copy.off-ground.com *.cpanel.off-ground.com *.dwy.off-ground.com off-ground.com *.off-ground.com *.ww38.off-ground.com

*.backend.starshotapparel.com starshotapparel.com *.starshotapparel.com

*.96lgqb.szhhqsm.cn *.99k.szhhqsm.cn *.9dr.szhhqsm.cn *.9e6t.szhhqsm.cn *.9yh9h2.szhhqsm.cn *.aiu9vx.szhhqsm.cn *.aoxx.szhhqsm.cn *.gsozj5odqq.szhhqsm.cn *.m.szhhqsm.cn szhhqsm.cn *.szhhqsm.cn *.tp3.szhhqsm.cn *.wadpgs6o.szhhqsm.cn *.wejjd5jqte.szhhqsm.cn

*.random.whywaithealth.com whywaithealth.com *.whywaithealth.com