SSL Certificate Analysis for resolver.preowned.autos - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=293875.blog

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 13, 2026

Valid Until

August 11, 2026 58 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

53:53:74:33:48:57:4A:5E:09:A6:62:DD:1B:77:15:60:9F:CC:AF:D8:4F:CB:E2:20:51:AE:78:C8:78:C9:AD:04

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

preowned.autos *.preowned.autos *.intranet.preowned.autos

Other domains in certificate

15661.agency *.15661.agency

25657.agency *.25657.agency

293875.blog *.293875.blog

35662.agency *.35662.agency

45660.agency *.45660.agency

631164.xyz *.631164.xyz

75mainstreetnantucket.com *.75mainstreetnantucket.com

8kbet.tools *.8kbet.tools

95664.agency *.95664.agency

96609.lgbt *.96609.lgbt

986723.blog *.986723.blog

ai-automated-testing-de.click *.ai-automated-testing-de.click

amsterdam-coach-tour-uk.sbs *.amsterdam-coach-tour-uk.sbs

aplpulau69.cyou *.aplpulau69.cyou *.stg.aplpulau69.cyou

apltokyo99.lol *.apltokyo99.lol *.stg.apltokyo99.lol

babeh188store.com *.babeh188store.com

bet88.wine *.bet88.wine

buttertopia.com *.buttertopia.com

capitol-monitor.org *.capitol-monitor.org

cnzhenli.cn *.cnzhenli.cn

coolsmartdeals.net *.coolsmartdeals.net

davemc.tech *.davemc.tech

divorceadvice.click *.divorceadvice.click

estogeck.com *.estogeck.com

experttm.com *.experttm.com

fanaticsdna.com *.fanaticsdna.com

ginarinehart.xyz *.ginarinehart.xyz

kabaradondo.xyz *.kabaradondo.xyz

kaitookjing.com *.kaitookjing.com

leon-casino-st48q.xyz *.leon-casino-st48q.xyz

letofflee.live *.letofflee.live

*.com.retailhemp.com retailhemp.com *.retailhemp.com

visapartners.biz *.visapartners.biz

wawasoft.org *.wawasoft.org

xdigitalgold.com *.xdigitalgold.com

xiustore.com *.xiustore.com

xn--80aeshtx5ch.net *.xn--80aeshtx5ch.net

xn--gmqz11d.com *.xn--gmqz11d.com

zabolekar.top *.zabolekar.top

zerobuild.xyz *.zerobuild.xyz

zrdaf.sbs *.zrdaf.sbs

zuid-holland-zuid.com *.zuid-holland-zuid.com