SSL Certificate Analysis for mail.detiz.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=04611.co

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 23, 2026

Valid Until

August 21, 2026 55 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

DA:13:56:28:FF:7E:3E:0F:4E:8B:5C:69:AC:F2:26:09:F2:6C:73:72:0F:56:02:40:A1:AE:AF:D2:6D:34:E9:AF

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

detiz.com *.detiz.com

Other domains in certificate

04611.co *.04611.co

18141.qpon *.18141.qpon

18wheeliq.com *.18wheeliq.com

26234.qpon *.26234.qpon

29456.my *.29456.my

34952.qpon *.34952.qpon

35x8nu.qpon *.35x8nu.qpon

36855.qpon *.36855.qpon

37996.qpon *.37996.qpon

48793.qpon *.48793.qpon

5288874037.cfd *.5288874037.cfd

58324.qpon *.58324.qpon

64203.my *.64203.my

6yymy.com *.6yymy.com

accessconfidality.com *.accessconfidality.com

activeinvestor.sbs *.activeinvestor.sbs

brtaz.qpon *.brtaz.qpon

btltn.qpon *.btltn.qpon

bvnsy.qpon *.bvnsy.qpon

cehe8w.qpon *.cehe8w.qpon

dealerxyz.xyz *.dealerxyz.xyz

dpptitanium.shop *.dpptitanium.shop

dralvonexa.cfd *.dralvonexa.cfd

eagleexpresscourier.com *.eagleexpresscourier.com

emirateventures.vip *.emirateventures.vip

exuzs.biz *.exuzs.biz

firstpostyork.com *.firstpostyork.com

flushden.xyz *.flushden.xyz

iman-cosmetics.shop *.iman-cosmetics.shop

pureglowessence.beauty *.pureglowessence.beauty

realimpactfx.org *.realimpactfx.org

retrobattle795.shop *.retrobattle795.shop

rgixead.com *.rgixead.com

rtpasd123gege.xyz *.rtpasd123gege.xyz

saglikdepo.site *.saglikdepo.site

sultan69rush.vip *.sultan69rush.vip

taxxxx2025.site *.taxxxx2025.site

vxiaoke360.com *.vxiaoke360.com

westend.shopping *.westend.shopping

zaratest.site *.zaratest.site

zivwy.win *.zivwy.win

ztnjtzw.my *.ztnjtzw.my

zzshuo2.com *.zzshuo2.com

zzshuo3.com *.zzshuo3.com