SSL Certificate Analysis for sitemaps.thattutor.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=hometec.it

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 05, 2026

Valid Until

May 06, 2026 83 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

52:26:27:9A:15:A4:EB:18:7F:16:D1:32:6B:FE:22:DE:20:C7:B4:DE:39:72:13:3C:B3:AC:0B:87:5D:E3:37:58

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

thattutor.com *.thattutor.com *.sitemaps.thattutor.com

Other domains in certificate

artiaga.com *.artiaga.com *.ciscovpn.artiaga.com *.office.artiaga.com *.ravpn.artiaga.com *.relay.artiaga.com *.sslvpn.artiaga.com *.vpn.artiaga.com

assassino.de *.assassino.de *.www.assassino.de

*.analytic.dedal.it *.app.dedal.it dedal.it *.dedal.it

*.admin.hirel.it hirel.it *.hirel.it

*.demo.hometec.it hometec.it *.hometec.it

*.anilrungta.nechno.com *.ans-erp.nechno.com *.arjunelectric.nechno.com *.bazaar.nechno.com *.bhramannepal.nechno.com *.bijam.nechno.com *.bimalendranidhi.nechno.com *.clms.nechno.com *.cpcontacts.nechno.com *.crm.nechno.com *.dev.nechno.com *.drishyankan.nechno.com *.efood.nechno.com *.electroworld.nechno.com *.erp.nechno.com *.esf.nechno.com *.food.nechno.com *.gautamschoolbrj.nechno.com *.hc.nechno.com *.himtechinc.nechno.com *.lightnepal.nechno.com *.lokawaaj.nechno.com *.lokawaj.nechno.com *.movie.nechno.com *.narayani.nechno.com nechno.com *.nechno.com *.nepaldarpan.nechno.com *.nirajghimire.nechno.com *.np.nechno.com *.nsrh.nechno.com *.pdl.nechno.com *.portal.nechno.com *.pos.nechno.com *.pradeshpalika.nechno.com *.ravindrasah.nechno.com *.ravisah.nechno.com *.samata.nechno.com *.samatadaily.nechno.com *.samatadainik.nechno.com *.sanskriti.nechno.com *.signage.nechno.com *.sumitpathak.nechno.com *.sushantrijal.nechno.com *.tours.nechno.com *.visit.nechno.com *.yazat-erp.nechno.com

*.mail.rodam.it rodam.it *.rodam.it *.vpn.rodam.it

*.remote.sdhlyzc.com sdhlyzc.com *.sdhlyzc.com

*.collector.xhvirtual.xyz *.hi.xhvirtual.xyz *.hu.xhvirtual.xyz *.linkoftime.xhvirtual.xyz *.pl.xhvirtual.xyz *.tr.xhvirtual.xyz *.ww25.xhvirtual.xyz xhvirtual.xyz *.xhvirtual.xyz *.zh.xhvirtual.xyz