DNS Gurus
Cached · just now
76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1
Let's Encrypt logo Let's Encrypt

Certificate Information

Subject
CN=cavalini-ec.com
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
May 20, 2026
Valid Until
August 18, 2026 76 days
Public Key
RSA 4096 bit Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
B8:0A:54:35:90:7D:71:34:0A:F3:ED:1D:4E:B0:2A:BA:BD:31:3F:DD:E4:45:A9:F4:4B:BB:D3:20:EF:F9:83:61
Alternative Names
90 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured Analyze
Content-Security-Policy-Report-Only
Missing
Not configured Analyze
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains
opiad.com *.opiad.com *.demo.opiad.com *.umhbi.opiad.com *.www5.opiad.com

Other domains in certificate

atlanta-bankruptcy.net *.atlanta-bankruptcy.net *.root.atlanta-bankruptcy.net *.ww16.atlanta-bankruptcy.net *.ww25.atlanta-bankruptcy.net
*.admin.avalra.com avalra.com *.avalra.com *.exemption.avalra.com *.mylodgetax.avalra.com *.sbx.avalra.com
*.api.bitzaq.com *.backup.bitzaq.com bitzaq.com *.bitzaq.com *.dev.bitzaq.com *.panel.bitzaq.com *.testing.bitzaq.com
carholder.it *.carholder.it
cavalini-ec.com *.cavalini-ec.com *.ildcard.cavalini-ec.com *.pedidoscavalini.cavalini-ec.com *.random.cavalini-ec.com *.webdisk.cavalini-ec.com
*.api.childresnplace.com childresnplace.com *.childresnplace.com *.pop.childresnplace.com *.ww16.childresnplace.com
fitnessschuh.de *.fitnessschuh.de
*.asp.grs-s.com grs-s.com *.grs-s.com *.ww25.grs-s.com
*.bitrix.hizix.com hizix.com *.hizix.com *.rds.hizix.com *.rdweb.hizix.com *.remote.hizix.com
knoten-in-der-brust.de *.knoten-in-der-brust.de *.ww38.knoten-in-der-brust.de
mobilehandset.it *.mobilehandset.it *.owa.mobilehandset.it *.remote.mobilehandset.it
*.autodiscover.mscgu.org mscgu.org *.mscgu.org *.ww1.mscgu.org *.ww16.mscgu.org
*.disney.purduecal.com *.mail.purduecal.com purduecal.com *.purduecal.com *.ww38.purduecal.com *.www.purduecal.com
*.club.rerae.com *.rdweb.rerae.com rerae.com *.rerae.com *.user.rerae.com *.xroads.rerae.com
*.random.schokoladensahnetorte.de schokoladensahnetorte.de *.schokoladensahnetorte.de
*.a.traficapture-free.info *.admin.traficapture-free.info *.api.traficapture-free.info *.dev.traficapture-free.info *.email.traficapture-free.info traficapture-free.info *.traficapture-free.info *.webmail.traficapture-free.info *.www.traficapture-free.info
woronoco.com *.woronoco.com
*.eeuss.xn--gmzo41d.com xn--gmzo41d.com *.xn--gmzo41d.com *.xn--gmzo41d.xn--gmzo41d.com