SSL Certificate Analysis for mx.bluebonsai.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=00702.one

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 20, 2026

Valid Until

August 18, 2026 74 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

05:DB:38:1E:0A:B1:96:D7:34:B1:41:DE:1A:2D:24:91:6B:74:9E:06:A1:ED:ED:A7:92:01:87:2D:5A:4E:DB:66

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

bluebonsai.com *.bluebonsai.com

Other domains in certificate

00702.one *.00702.one

29669.one *.29669.one

332248.co *.332248.co

427g.cc *.427g.cc

55697.pro *.55697.pro

58136.bid *.58136.bid

62658.blog *.62658.blog

63318.blog *.63318.blog

66358.my *.66358.my

762h25.cc *.762h25.cc

76392.my *.76392.my

783269.one *.783269.one

93522.tel *.93522.tel

9fdf2c5fb.top *.9fdf2c5fb.top

alimebus.com *.alimebus.com

bestgoldbr.sbs *.bestgoldbr.sbs

bveqd.gdn *.bveqd.gdn

bwlez.my *.bwlez.my

bxdhk.my *.bxdhk.my

bzjori.gdn *.bzjori.gdn

certifiedtollfree.com *.certifiedtollfree.com

cjuvr.gdn *.cjuvr.gdn

fornidesign.info *.fornidesign.info

freight-fare.com *.freight-fare.com

freltumova.cfd *.freltumova.cfd

fycuca.com *.fycuca.com

getbrightstreamspace.digital *.getbrightstreamspace.digital

gfe3e28fe.world *.gfe3e28fe.world

gukin.gdn *.gukin.gdn

h5hphreport519.xyz *.h5hphreport519.xyz

hotelex.net *.hotelex.net

in.love *.in.love

j05.me *.j05.me

jnsbk.gdn *.jnsbk.gdn

kbzng.gdn *.kbzng.gdn

mdgbde7b9.world *.mdgbde7b9.world

mushroom.one *.mushroom.one

nicolasjames.com *.nicolasjames.com

nvgaw.gdn *.nvgaw.gdn

plyquarion.com *.plyquarion.com

pretuned.ai *.pretuned.ai

pt-user.com *.pt-user.com

qgehwa.gdn *.qgehwa.gdn

tie666.com *.tie666.com