SSL Certificate Analysis for random.roofmaxx.co - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=02295.xyz

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 20, 2026

Valid Until

August 18, 2026 69 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E2:C6:93:97:E8:D6:F9:53:C6:F7:E1:3E:3A:A1:48:92:B0:C8:CC:D3:63:5D:4A:0F:F3:9F:F7:F3:08:D4:BB:3E

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

roofmaxx.co *.roofmaxx.co

Other domains in certificate

02295.xyz *.02295.xyz

11394.blog *.11394.blog

12564.blog *.12564.blog

17005.blog *.17005.blog

2377822.xyz *.2377822.xyz

2469bd.xyz *.2469bd.xyz

27321624.vip *.27321624.vip

35641.blog *.35641.blog

438246.xyz *.438246.xyz

494ka.com *.494ka.com

big.asia *.big.asia

camper-vans.click *.camper-vans.click

cqlzyclkjdlav.us *.cqlzyclkjdlav.us

greymatterslife.com *.greymatterslife.com

h68.my *.h68.my

humanoidagents.xyz *.humanoidagents.xyz

humpback.xyz *.humpback.xyz

hutudole.com *.hutudole.com

joybot.bot *.joybot.bot

jxcof.com *.jxcof.com

k58.my *.k58.my

kcw2660.cc *.kcw2660.cc

lawforfirms.com *.lawforfirms.com

nicego.co *.nicego.co

paleobreakfast.com *.paleobreakfast.com

q37x.run *.q37x.run

residential-leasing-companies-1747741514.today *.residential-leasing-companies-1747741514.today

sjwwk.com *.sjwwk.com

solitudehealth.com *.solitudehealth.com

stanns.ca *.stanns.ca

tendervows.beauty *.tendervows.beauty

tessular.com *.tessular.com

tradethrive.com *.tradethrive.com

venturebuilder.xyz *.venturebuilder.xyz

vrfb.com *.vrfb.com

windtrack.info *.windtrack.info

wlnsefj.my *.wlnsefj.my

work-from-home-2025.sbs *.work-from-home-2025.sbs

workplace-respect-118499084.click *.workplace-respect-118499084.click

yhgyfj.bid *.yhgyfj.bid

z7p929jm8.top *.z7p929jm8.top

zfurnaa1472.vip *.zfurnaa1472.vip

zq7yhzjzw.top *.zq7yhzjzw.top

zulverinad.sbs *.zulverinad.sbs