SSL Certificate Analysis for mx2.crawshaw.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=happyhalloween.it

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 19, 2026

Valid Until

May 20, 2026 88 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

5F:E8:2B:46:4D:E2:8B:6E:34:87:EB:FF:98:4F:22:63:E6:00:CC:B4:FD:5B:3B:09:BB:6F:B5:A9:E1:49:B1:71

Alternative Names

87 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

87 domains

crawshaw.com *.crawshaw.com *.admin.crawshaw.com *.api.crawshaw.com *.app.crawshaw.com *.assets.crawshaw.com *.authsmtp.crawshaw.com *.blog.crawshaw.com *.demo.crawshaw.com *.gw.crawshaw.com *.hostmaster.crawshaw.com *.imap.crawshaw.com *.m.crawshaw.com *.mail.crawshaw.com *.mail1.crawshaw.com *.mailbox.crawshaw.com *.mailgw.crawshaw.com *.mailhost.crawshaw.com *.mta.crawshaw.com *.mx.crawshaw.com *.mx2.crawshaw.com *.outmail.crawshaw.com *.qindbxwgffapp.crawshaw.com *.test.crawshaw.com *.webmail.crawshaw.com *.ww16.crawshaw.com *.ww17.crawshaw.com *.ww25.crawshaw.com *.ww38.crawshaw.com *.ww41.crawshaw.com *.zimbra.crawshaw.com

Other domains in certificate

1xbet.red *.1xbet.red *.admin.1xbet.red *.dns.1xbet.red *.intranet.1xbet.red *.m.1xbet.red *.shop.1xbet.red *.store.1xbet.red

*.1846m.27294039.top 27294039.top *.27294039.top *.nktjv.27294039.top *.o7p4x.27294039.top *.vhakn.27294039.top

*.app.bigmotorcycle.com bigmotorcycle.com *.bigmotorcycle.com *.shop.bigmotorcycle.com

*.aadhaarcarduid.getpost.co.in *.ftp.getpost.co.in getpost.co.in *.getpost.co.in *.ifsccode.getpost.co.in *.m.getpost.co.in *.pincode.getpost.co.in

gears.au *.gears.au

*.demo.happyhalloween.it happyhalloween.it *.happyhalloween.it

*.bahamas.scotiabak.com *.blog.scotiabak.com *.br.scotiabak.com *.cams.scotiabak.com *.clientportal.scotiabak.com *.ico.scotiabak.com *.jamaica.scotiabak.com *.mail.scotiabak.com *.online.scotiabak.com *.pa.scotiabak.com *.ppleap.scotiabak.com *.pro.scotiabak.com *.rav.scotiabak.com scotiabak.com *.scotiabak.com *.scotiaconnect.scotiabak.com *.scotiaonline.scotiabak.com *.ww16.scotiabak.com *.ww25.scotiabak.com *.ww38.scotiabak.com *.zero.scotiabak.com

*.admin.unifiedheartsplanning.beauty *.intranet.unifiedheartsplanning.beauty *.shop.unifiedheartsplanning.beauty unifiedheartsplanning.beauty *.unifiedheartsplanning.beauty