Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=passionmeat.it
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
February 22, 2026
Valid Until
May 23, 2026
88 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
64:59:75:C3:89:BA:0F:34:4C:BD:DB:12:C5:B9:87:CF:8A:23:97:8E:BA:5C:D0:9A:73:73:34:7B:A2:95:9F:68
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
89 domains
readingbible.com
*.readingbible.com
*.ww25.readingbible.com
amora-maille.com
*.amora-maille.com
*.mx.amora-maille.com
*.ww25.amora-maille.com
*.1yme1.canopower.cfd
*.2194l.canopower.cfd
*.2dbks.canopower.cfd
*.39ir6.canopower.cfd
*.5jsd7.canopower.cfd
*.78z68.canopower.cfd
*.8joac.canopower.cfd
*.8r9pg.canopower.cfd
*.admin.canopower.cfd
*.api.canopower.cfd
*.b54zj.canopower.cfd
*.bnbod.canopower.cfd
*.bordqrczhl.canopower.cfd
*.c6udy.canopower.cfd
canopower.cfd
*.canopower.cfd
*.cuyk.canopower.cfd
*.cxie3.canopower.cfd
*.fbfyjweetgapp.canopower.cfd
*.fcvkr.canopower.cfd
*.fdb74.canopower.cfd
*.g22y8.canopower.cfd
*.he00g.canopower.cfd
*.j2zfz.canopower.cfd
*.kac0t.canopower.cfd
*.l0r4m.canopower.cfd
*.l1v3f.canopower.cfd
*.nan1j.canopower.cfd
*.o1ghs.canopower.cfd
*.ootbp.canopower.cfd
*.pwb3b.canopower.cfd
*.q2s8t.canopower.cfd
*.rnyzj.canopower.cfd
*.uat.canopower.cfd
*.v3ywp.canopower.cfd
*.vhakn.canopower.cfd
*.www.canopower.cfd
*.xrqcg.canopower.cfd
*.zruod.canopower.cfd
espazio.com
*.espazio.com
*.ce7ea961-38bc-4597-bad7-946efae0cf40.guestprice.com
guestprice.com
*.guestprice.com
*.mailgw.guestprice.com
insidestraightdraw.com
*.insidestraightdraw.com
*.remote.insidestraightdraw.com
*.1re.kmjj.com
*.cloud.kmjj.com
kmjj.com
*.kmjj.com
*.onbus.kmjj.com
*.random.kmjj.com
*.ww45.kmjj.com
leafsivory.com
*.leafsivory.com
*.webmail.leafsivory.com
*.apzq.musicintown.it
*.bgqr.musicintown.it
*.euts.musicintown.it
*.ivx.musicintown.it
*.muej.musicintown.it
musicintown.it
*.musicintown.it
*.mx.musicintown.it
*.nxku.musicintown.it
*.pmko.musicintown.it
*.qloo.musicintown.it
*.superset.musicintown.it
*.www.musicintown.it
parmesanreibe.de
*.parmesanreibe.de
*.demo.passionmeat.it
*.dev.passionmeat.it
passionmeat.it
*.passionmeat.it
*.track.zeroriskgrowthemail.com
zeroriskgrowthemail.com
*.zeroriskgrowthemail.com
zodgane.xyz
*.zodgane.xyz
Other domains in certificate