SSL Certificate Analysis for ohmstartups.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=www.oneclaim.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

December 06, 2025

Valid Until

March 06, 2026 70 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

7E:78:A0:6C:31:F9:CC:36:1F:8C:60:AA:9F:F2:94:76:AF:3D:7C:DB:5E:57:58:EE:9D:1C:7D:12:73:1B:06:A7

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

ohmstartups.com

Other domains in certificate

www.2ok.in

admin.2.devridezum.com

stagingapp.allycares.com

argo.surf

staging.autogramm.io

www.balobanov.com

api.barbarinn.is

client-ng.beamylabs.com

whp.bmgomg.com

workspace.boarda.io

canakin.de

alpha-links.chalkboard.io

checkadee.app

sit.chumtime.com

www.city-ol-brugg.com

preprod.clevernet.app

app.outgrow.co.in

www.computerwalesir.in

www.consciouscoach.ai

www.covidem.icu

bs-cra.cremawork.com

www.dariodifelice.com

www.dealermail.ca

www.deckf.org

duneadvertising.com

eveandelse.de

fhstundenplan.de

fitmap.com.br

app.flexpnp.de

gcp-api.footballaplqa.com

forms.studio

gadgetlab.id

hachihaus.com

www.herbalformulations.in

ianrios.me

isgraphqlnullabilityfixed.info

affix.simulador.izii.io

www.junkandgems.com

jgo-admin.kards.fr

courses.kelastambahan.id

app.kiki.lk

kohinoorr.in

www.last5min.com

lemoncodes.com.br

www.luminopix.com

markmathiasz.com

nbl.mashwar.in

medal.io

metado.app

lift.mikesulak.com

www.momotabs.com

beheerexellior.moreapp.com

msorting.com

www.mudraquant.com

navywrestling.org

netxys.com

v1.nirmaan.org

retailer.northladder.com

links.oboz.tech

www.oneclaim.com

oneboard-dev.oneclass.co

auth.onetimedocs.com

opulenting.com

brdr-hansen.ordreplan.no

appclip.paperground.com

peeps-web.com

www.pisanacirilica.com

www.pixel16.com

platia.app

maf.polomauleinnova.cl

www.quickakhbar.com

app.quintilhanoimob.com.br

www.dogs.reedit.au

timer.renpoint.com

whatsmypath.ronne.dev

myjami.sam-apps.com

www.sandozrestaurant.com

sandbox.good.members.sargon.com

school.2.devridezum.com

www.setyourmood.com

shelbyfx.com

singinglessonshull.com

masterdyn.sogafit.net

www.tr.speakingathome.com

projects.studentopportunitycenter.com

takeoffpain.com

www.tedxcornell.com

thearchmate.com

tylercolson.com

oauth-sandbox.untied.io

www.vavi.hu

vendor.2.devridezum.com

www.websgo.in

weddingduel.com

wiaexp.com

wr-retail.biz

www.wsuathleticscamps.com

masterclass.wumbox.com

yoann-joly.fr