SSL Certificate Analysis for secure.rsong.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=haimart-kaigo.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 16, 2026

Valid Until

August 14, 2026 85 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

92:57:A1:11:0F:8A:E1:C5:97:0A:D5:6C:80:7B:82:67:AA:94:12:CF:06:A1:25:95:45:C3:6B:CC:2E:8A:EB:EA

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

rsong.com *.rsong.com *.api.rsong.com *.app.rsong.com *.img1-fg.rsong.com *.login.rsong.com *.secure.rsong.com

Other domains in certificate

4579n.com *.4579n.com *.random.4579n.com

cadtech.co *.cadtech.co

*.autodiscover.digital-marketer.com digital-marketer.com *.digital-marketer.com *.sitemaps.digital-marketer.com

haimart-kaigo.com *.haimart-kaigo.com *.ww25.haimart-kaigo.com

*.8r1us7.ken88z.com *.admin.ken88z.com ken88z.com *.ken88z.com

*.autodiscover.kidscareacademyindiana.com kidscareacademyindiana.com *.kidscareacademyindiana.com *.webdisk.kidscareacademyindiana.com

*.api.my777j.com my777j.com *.my777j.com

*.api.nohfamily.family *.dev.nohfamily.family nohfamily.family *.nohfamily.family

*.api.optipayrcm.info *.backup.optipayrcm.info *.new.optipayrcm.info optipayrcm.info *.optipayrcm.info

*.api.probitcoin.co *.app.probitcoin.co *.m.probitcoin.co probitcoin.co *.probitcoin.co

*.804685ff-415c-4558-86d5-c60bdbe23bcc.savvyfoodadvisors.food *.api.savvyfoodadvisors.food *.dev.savvyfoodadvisors.food savvyfoodadvisors.food *.savvyfoodadvisors.food

*.api.soikeobongdac1.com soikeobongdac1.com *.soikeobongdac1.com *.yq2ud7.soikeobongdac1.com

*.admin.southcitydynamic.com *.api.southcitydynamic.com southcitydynamic.com *.southcitydynamic.com

*.a.sukajanjacket.info *.admin.sukajanjacket.info *.api.sukajanjacket.info sukajanjacket.info *.sukajanjacket.info *.vqvlb.sukajanjacket.info

*.api.sustainableai.art sustainableai.art *.sustainableai.art

*.8f417564-bd24-4a0e-a2b0-c79b151b1fea.threedee.art *.admin.threedee.art *.assis.threedee.art threedee.art *.threedee.art

*.admin.tim3span.com *.api.tim3span.com *.blog.tim3span.com *.dev.tim3span.com *.m.tim3span.com tim3span.com *.tim3span.com *.www.tim3span.com

*.admin.udyoganidhi.in *.api.udyoganidhi.in udyoganidhi.in *.udyoganidhi.in

*.autodiscover.visacanadaeta.com *.cpcontacts.visacanadaeta.com visacanadaeta.com *.visacanadaeta.com

*.sitemaps.yogaaclasses.site yogaaclasses.site *.yogaaclasses.site