SSL Certificate Analysis for qpi.jaach.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=yookyung.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 05, 2026

Valid Until

May 06, 2026 88 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

AF:DD:A8:9A:2F:A7:0D:CD:58:3F:96:F0:6E:55:F8:4E:47:42:20:84:83:BA:8D:4B:DA:06:04:4A:14:23:A5:CD

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

jaach.com *.jaach.com *.api.jaach.com *.backup.jaach.com *.hostmaster.jaach.com *.qpi.jaach.com *.test.jaach.com *.vpn.jaach.com

Other domains in certificate

airbnbcouponreddit.com *.airbnbcouponreddit.com *.ww38.airbnbcouponreddit.com

*.access.albek.com albek.com *.albek.com *.antispam.albek.com *.anyconnect.albek.com *.auth.albek.com *.backup.albek.com *.connectvpn.albek.com *.exchange.albek.com *.hostmaster.albek.com *.marketing.albek.com *.mobile.albek.com *.office.albek.com *.pop3.albek.com *.portal.albek.com *.rdp.albek.com *.rds.albek.com *.rdweb.albek.com *.remote.albek.com *.secure.albek.com *.smtp1.albek.com *.ssl.albek.com *.stg.albek.com *.uat.albek.com *.v2.albek.com *.vpn.albek.com *.vpn2.albek.com *.web.albek.com *.webconnect.albek.com

alugueldecarro.com *.alugueldecarro.com *.backup.alugueldecarro.com

auslands.com *.auslands.com *.ebay.auslands.com

*.avggm5vs9r.datafloww.xyz datafloww.xyz *.datafloww.xyz

edigo.com *.edigo.com

*.asa.hiddink.com hiddink.com *.hiddink.com *.zamid1-gp.hiddink.com

jami.es *.jami.es *.mail.jami.es *.mi.jami.es

*.mail.parcbotannia.info parcbotannia.info *.parcbotannia.info *.sitemap.parcbotannia.info *.sitemaps.parcbotannia.info *.www.parcbotannia.info

talvivaara.com *.talvivaara.com *.ww16.talvivaara.com

typeit.it *.typeit.it *.webdisk.typeit.it

*.integration.varzy.xyz *.m.varzy.xyz *.savarzy.varzy.xyz varzy.xyz *.varzy.xyz *.ww38.varzy.xyz

*.sport.x10tn.com *.staging.x10tn.com *.ww25.x10tn.com x10tn.com *.x10tn.com

*.kwid9.xn--vpn-ol9dw02ma.xyz xn--vpn-ol9dw02ma.xyz *.xn--vpn-ol9dw02ma.xyz

*.ead.yookyung.com *.qaypxdahnzww38.yookyung.com *.ww16.yookyung.com yookyung.com *.yookyung.com