SSL Certificate Analysis for mail.stainlesshero.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=movilize.us

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

June 02, 2026

Valid Until

August 31, 2026 75 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

38:CE:04:D7:6B:3B:AF:FB:A2:63:FB:AE:D6:C9:D0:B0:03:FA:6D:2F:43:A5:F6:0B:3B:52:7A:73:2B:C2:7A:6F

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

stainlesshero.com *.stainlesshero.com *.admin.stainlesshero.com *.cloud.stainlesshero.com *.demo.stainlesshero.com *.hostmaster.stainlesshero.com *.mail.stainlesshero.com *.rd.stainlesshero.com *.rds.stainlesshero.com *.ww12.stainlesshero.com

Other domains in certificate

0wt.de *.0wt.de

activlearnprimary.co.uk *.activlearnprimary.co.uk *.random.activlearnprimary.co.uk

*.autodiscover.biztecgroup.com biztecgroup.com *.biztecgroup.com *.rustore.biztecgroup.com *.wwww.biztecgroup.com

cccinstruction.com *.cccinstruction.com

cosmic365.ai *.cosmic365.ai *.learn.cosmic365.ai *.webcast.cosmic365.ai

eorpcar.de *.eorpcar.de

gameskharido.live *.gameskharido.live

*.comune.gannalyst.com gannalyst.com *.gannalyst.com *.random.gannalyst.com

giftacut.com *.giftacut.com *.pay.giftacut.com

hdstream.org *.hdstream.org *.ww25.hdstream.org *.ww38.hdstream.org

*.forum.heavyvehiclesturkey.com heavyvehiclesturkey.com *.heavyvehiclesturkey.com *.mail.heavyvehiclesturkey.com *.ww25.heavyvehiclesturkey.com

hostinger.org *.hostinger.org *.hpanel.hostinger.org *.mail.hostinger.org *.mx2.hostinger.org *.payments.hostinger.org *.ww25.hostinger.org

howstarlives.com *.howstarlives.com *.mail.howstarlives.com

interteach.co *.interteach.co *.sitemap.interteach.co *.www.interteach.co

lascoste.com *.lascoste.com *.ww38.lascoste.com

ledtrafficsignals.com *.ledtrafficsignals.com

*.arley.lopes.eu *.eduardo.lopes.eu *.ferreirra.lopes.eu lopes.eu *.lopes.eu *.maria.lopes.eu

*.demo.meridianpark.uk meridianpark.uk *.meridianpark.uk

metung.au *.metung.au *.ww38.metung.au

*.mail.movilize.us movilize.us *.movilize.us

newsfeeds.au *.newsfeeds.au

*.hostmaster.sky-direkt.de *.kunde.sky-direkt.de sky-direkt.de *.sky-direkt.de *.www.sky-direkt.de

songclasher.com *.songclasher.com