SSL Certificate Analysis for poletti.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=bloomingoats.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 06, 2026

Valid Until

May 07, 2026 84 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

21:56:21:3B:93:D3:37:D4:A0:B7:E0:73:6E:0F:91:09:38:DC:5D:69:75:64:6A:35:B3:4B:10:E0:73:64:A5:E0

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

poletti.com *.poletti.com *.access.poletti.com *.admin.poletti.com *.api.poletti.com *.app.poletti.com *.authsmtp.poletti.com *.blog.poletti.com *.connect.poletti.com *.crypto.poletti.com *.dario.poletti.com *.demo.poletti.com *.eeirpinbound.poletti.com *.email.poletti.com *.imaps.poletti.com *.inbound.poletti.com *.mail.poletti.com *.mx.poletti.com *.remote.poletti.com *.secure.poletti.com *.securemail.poletti.com *.sitemap.poletti.com *.sitemaps.poletti.com *.vpn.poletti.com *.vpnssl.poletti.com *.webmail.poletti.com *.ww16.poletti.com

Other domains in certificate

bloomingoats.com *.bloomingoats.com

*.2ca557ff-754b-4efa-8015-bd06e2172a26.keywest.vodka *.a113166f-cab7-43c7-a0c3-cb253c057066.keywest.vodka *.alfabank.keywest.vodka *.ameriabank.keywest.vodka *.avito.keywest.vodka *.azerpost.keywest.vodka *.bfxqjweb02.keywest.vodka *.bnptdjiz.keywest.vodka *.bts.keywest.vodka *.busfor.keywest.vodka *.c5d4e326-00e3-48ac-95fe-b4fac10f6ebe.keywest.vodka *.catalog.keywest.vodka *.cdek-kz.keywest.vodka *.cjhsvbxf.keywest.vodka *.clickk-uz.keywest.vodka *.cliente.keywest.vodka *.demo.keywest.vodka *.downloads.keywest.vodka *.dyvtjeri.keywest.vodka *.edem.keywest.vodka *.eufrndzx.keywest.vodka *.example.keywest.vodka *.fytgkbuv.keywest.vodka *.goldapple.keywest.vodka *.home.keywest.vodka *.hr.keywest.vodka *.hrniqltf.keywest.vodka *.idlntyhq.keywest.vodka *.inecobank.keywest.vodka *.jpelkmoneygram.keywest.vodka keywest.vodka *.keywest.vodka *.mailgate.keywest.vodka *.mbank.keywest.vodka *.members.keywest.vodka *.moneygram.keywest.vodka *.mx01.keywest.vodka *.nrhlwtmi.keywest.vodka *.optimabank.keywest.vodka *.oyfxsqwb.keywest.vodka *.ponyexpress.keywest.vodka *.pub.keywest.vodka *.rjeciyfl.keywest.vodka *.rsk.keywest.vodka *.sample.keywest.vodka *.saturnpay.keywest.vodka *.sbrepjnd.keywest.vodka *.ssl.keywest.vodka *.staging.keywest.vodka *.test.keywest.vodka *.vajzfoxu.keywest.vodka *.vpn1.keywest.vodka *.web0.keywest.vodka *.web02.keywest.vodka *.ww3.keywest.vodka *.www2.keywest.vodka *.xtygnlsc.keywest.vodka

weloantoyou.com *.weloantoyou.com *.www.weloantoyou.com *.wwww.weloantoyou.com