SSL Certificate Analysis for sozo-stores.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=link.pitchgauge.com

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

January 18, 2026

Valid Until

April 18, 2026 88 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

36:39:60:76:AC:71:E6:10:42:01:A1:4B:BF:DE:94:E0:DA:F1:DF:6E:2C:69:DF:5C:82:3E:F7:C3:E7:EF:86:5A

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

sozo-stores.com

Other domains in certificate

www.aafpets.com

www.adisanmetals.com

forms.akos.one

app.askclass.com

www.atmajorease.com

bastiendupont.com

www.benjibooks.com

bingoal.uk

www.bit505.com

mall-chat.boujee.jp

brunchycafe.com

curso-cannabis.centrofluminense.com.br

chip-mate.com

ckucera.com

www.classroomsolution.app

www.codb.io

console.dealpath.app

rvm-5.dev-ltl-xpo.com

dml.news

ekremkocak.com

www.fishcompanion.com

flscarend.nl

360.fnt.hm

frigg.io

www.geeo.work

myevents-admin.georgfischer.com

share.getallium.com

glamourwigsbyariella.com

gorzycki.net

gpskilveren.nl

linkedin.greagori.com

auth.gymbook.in

hallobon.nl

avalia.hauzs.com.br

hedgehappy.com

www.jakelaver.com

agent.jamesjunloy.com

joyeriahefesto.com

read.joylocker.it

www.kccricket.net

kri-and.fi

kristadoubleday.com

auth.kudo.coach

test-acme.lifebrand.life

www.lionsclubvicentenoble.org

locltour.com

mcdfrieshit-es-acc.lwdev.nl

malehealthreport.org

www.markallenwebdeveloper.co.uk

mikehammmusic.com

panel.mistikist.com

moins5.org

mysticarts.uk

mysticpath.io

admin.natually.in

www.links.new.de

irm.newgate.li

ebptracker.newgen.co

nilieesgoty.nl

nixwang.com

nufort.net

www.numericalcognition.net

www.o10consultoria.com.br

panamonitor.com

app-id-dev4.pbcd.net

phng.de

link.pitchgauge.com

www.podeperguntar.com

www.premierlogistic.com

pssmena.com

streetbangkokivry.order.pulp.eu

2018.puneagileunconference.com

actividad.rainbytes.com

www.ramilveiculos.com.br

rostykerei.nl

admin.sfomart.com

www.sigscale.com

app.splytpay.com

superant.kr

tmglife.talaatmoustafa.com

thedepartmenttax.tallyfor.com

tantan-tech.com

teesdalephysio.com

www.thisgeneration.in

beta-v3.tecore-client-cdn.timeedit.net

www.timelessbaseball.com

timpan.by

www.treadstonelabs.com

audiencebuilder.tucson.com

tunaspit.com

www.vaynah.net

www.veselinbratanov.com

www.videoeditorsdk.com

videoteleprompter.com

app.voice-fit.net

weltrade.link

fujisystem.wowdesk.jp

yangjoo.kr