SSL Certificate Analysis for reproinst.org - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=reproinst.org

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 09, 2025

Valid Until

March 09, 2026 48 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

2F:55:C6:7C:1F:AA:5A:B9:DC:EC:47:61:14:22:A0:DF:3F:E5:52:1A:2F:59:6B:01:6E:8B:75:8E:E5:BE:08:83

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

reproinst.org *.reproinst.org *.mail.reproinst.org *.piyasamakademisi.reproinst.org

Other domains in certificate

adosquad.fr *.adosquad.fr

adultfriendsexfinder.net *.adultfriendsexfinder.net *.pop3.adultfriendsexfinder.net

*.abc.autoscr.com autoscr.com *.autoscr.com *.ww25.autoscr.com

celikkan.com *.celikkan.com *.rustore.celikkan.com *.workspace.celikkan.com

*.17.clasgens.us *.api.clasgens.us *.asp.clasgens.us *.auth-ns.clasgens.us *.autodiscover.clasgens.us *.bm.clasgens.us *.bridgeopen.clasgens.us *.bv.clasgens.us *.campaign.clasgens.us *.cf.clasgens.us clasgens.us *.clasgens.us *.corporate.clasgens.us *.cust31.clasgens.us *.demo.clasgens.us *.diamond.clasgens.us *.disneyxd.clasgens.us *.dropbox.clasgens.us *.echelonelectricllwww.clasgens.us *.email.clasgens.us *.emv1.clasgens.us *.ermvyhm.clasgens.us *.f.clasgens.us *.files.clasgens.us *.frank.clasgens.us *.fs.clasgens.us *.gdowebapp.clasgens.us *.guide.clasgens.us *.hal.clasgens.us *.host5.clasgens.us *.hotels.clasgens.us *.imailhost.clasgens.us *.ircserver.clasgens.us *.m.clasgens.us *.mail6.clasgens.us *.mailserv.clasgens.us *.navigator.clasgens.us *.nt40.clasgens.us *.ofertas-trabajo.clasgens.us *.old.clasgens.us *.openbsd.clasgens.us *.ops0.clasgens.us *.pls-gts.clasgens.us *.pop.clasgens.us *.pop3.clasgens.us *.popmail.clasgens.us *.potaufeu.clasgens.us *.ppp8.clasgens.us *.prd.clasgens.us *.qaiudimg1.clasgens.us *.smtp.clasgens.us *.spiderman.clasgens.us *.stash.clasgens.us *.trabajo.clasgens.us *.v2.clasgens.us *.vendors.clasgens.us *.ww.clasgens.us *.ww25.clasgens.us *.www.clasgens.us *.yankee.clasgens.us

lensgo-ai.com *.lensgo-ai.com

lontv.xyz *.lontv.xyz *.ww25.lontv.xyz *.ww38.lontv.xyz *.xx.lontv.xyz

menu303rtp.net *.menu303rtp.net

sohodogrescue.org *.sohodogrescue.org

syggzs.net *.syggzs.net