SSL Certificate Analysis for proxy.cleanbend.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=option.cam

Issuer

C=US, O=Let's Encrypt, CN=YR1

Valid From

June 23, 2026

Valid Until

September 21, 2026 86 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

15:A4:F6:3C:64:4F:E6:A1:C5:FF:AC:ED:C1:68:D7:81:CD:FC:37:20:73:F7:8D:E3:3F:A5:17:D5:CE:CE:EC:F8

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

cleanbend.com *.cleanbend.com *.access.cleanbend.com *.accounts.cleanbend.com *.activesync.cleanbend.com *.admin.cleanbend.com *.anyconnect.cleanbend.com *.checkpoint.cleanbend.com *.fortivpn.cleanbend.com *.gateway.cleanbend.com *.outlook.cleanbend.com *.proxy.cleanbend.com

Other domains in certificate

224.red *.224.red *.admin.224.red *.app.224.red *.demo.224.red *.m0214k.224.red

697.us *.697.us

bikies.com.au *.bikies.com.au

*.6900d512-fa96-4f32-9d00-1a5caa5ce867.diidrone.com *.adc6f752-1807-4cc7-9a66-cdb074343ed2.diidrone.com diidrone.com *.diidrone.com

doturban.com *.doturban.com *.hostmaster.doturban.com

fragranceoil.com.au *.fragranceoil.com.au

*.014w8.gridverse.xyz gridverse.xyz *.gridverse.xyz

*.a12474a2-d396-4ec0-910a-4203e4de5c2e.howtochangeyourmind.org *.dev.howtochangeyourmind.org howtochangeyourmind.org *.howtochangeyourmind.org *.test.howtochangeyourmind.org *.xexa15.howtochangeyourmind.org

krankenversichrung.de *.krankenversichrung.de

lansdownesurgery.co.uk *.lansdownesurgery.co.uk *.ww1.lansdownesurgery.co.uk *.ww11.lansdownesurgery.co.uk *.ww12.lansdownesurgery.co.uk *.ww16.lansdownesurgery.co.uk *.ww38.lansdownesurgery.co.uk

*.hostmaster.niceto.it niceto.it *.niceto.it

*.m.od89.com od89.com *.od89.com *.sber.od89.com

*.gitlab.option.cam option.cam *.option.cam *.transactions.option.cam

*.dev.policingequality.com *.login.policingequality.com *.m.policingequality.com policingequality.com *.policingequality.com *.secure.policingequality.com

slrib.com *.slrib.com

*.4www.sm521.com *.comwww.sm521.com *.m.sm521.com sm521.com *.sm521.com *.wwx.sm521.com

trans600.com *.trans600.com *.ww16.trans600.com *.ww25.trans600.com

*.hostmaster.trueblueai.com *.m.trueblueai.com trueblueai.com *.trueblueai.com

*.regarder.voirfilmstream.net *.test.voirfilmstream.net voirfilmstream.net *.voirfilmstream.net

wearenaked.com.au *.wearenaked.com.au *.ww25.wearenaked.com.au