SSL Certificate Analysis for mail.ipod.ca - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for www.myapple.net, appledarwin.org, quicktimestreaming.net, itunesu.net, alphapushpin.org, www.metapushpin.net, www.shopdifferent.net, www.machos.net, ipa-iphone.net, not for mail.ipod.ca

Open Cached · just now

72/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=California, O=Apple Inc., CN=dvdstudiopro.net

Issuer

C=US, O=Apple Inc., CN=Apple Public Server RSA CA 1 - G1

Valid From

January 31, 2026

Valid Until

May 01, 2026 19 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

6C:9F:A4:55:64:12:39:40:E0:91:DE:D5:81:F7:43:30:B6:14:A5:74:EF:22:6C:5C:C4:81:66:DE:C4:8E:1A:57

Alternative Names

58 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

58 domains

alphapushpin.org www.alphapushpin.org

apple-darwin.org www.apple-darwin.org

appledarwin.org www.appledarwin.org

applefinalcutproworld.org www.applefinalcutproworld.org

applestore.org www.applestore.org

dvdstudiopro.net www.dvdstudiopro.net

earpod.net www.earpod.net

facetime.net www.facetime.net

forthecolorful.net www.forthecolorful.net

heretohelp.net www.heretohelp.net

icloude.net www.icloude.net

imacshop.net www.imacshop.net

intrinsity.net www.intrinsity.net

ipa-iphone.net www.ipa-iphone.net

ipod.net www.ipod.net

ituneslogin.net www.ituneslogin.net

itunesu.net www.itunesu.net

macbookair.net www.macbookair.net

mach-os.net

machos.net www.machos.net

macreach.net www.macreach.net

metapushpin.net www.metapushpin.net

myapple.net www.myapple.net

myipod.net www.myipod.net

playquicktime.net www.playquicktime.net

qt-tv.net

qttv.net

quicktimestreaming.net

shop-different.net

shopdifferent.net www.shopdifferent.net

streamquicktime.net