SSL Certificate Analysis for ssl.argabrite.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=nhandinhkeo.vip

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 11, 2026

Valid Until

May 12, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D6:11:D0:9E:54:91:D3:A5:CC:D4:2C:6E:6C:7C:21:95:A3:21:DD:8E:30:40:28:CF:FF:0E:FF:4F:02:C0:D5:4E

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

argabrite.com *.argabrite.com *.access.argabrite.com *.admin.argabrite.com *.anyconnect.argabrite.com *.api.argabrite.com *.clientesvpn.argabrite.com *.connect.argabrite.com *.dev.argabrite.com *.emv1.argabrite.com *.exchange.argabrite.com *.ftp.argabrite.com *.gateway.argabrite.com *.hostmaster.argabrite.com *.imap1.argabrite.com *.m.argabrite.com *.mail1.argabrite.com *.mail2.argabrite.com *.mailer.argabrite.com *.mailgate.argabrite.com *.mkbnwtlmktexchange.argabrite.com *.mobileconnect.argabrite.com *.mx2.argabrite.com *.officevpn.argabrite.com *.portal.argabrite.com *.remoteaccess.argabrite.com *.remoto.argabrite.com *.secure.argabrite.com *.secureconnect.argabrite.com *.securevpn.argabrite.com *.server.argabrite.com *.smtp-relay.argabrite.com *.smtp.argabrite.com *.ssl.argabrite.com *.studentsvpn.argabrite.com *.test.argabrite.com *.tlmktexchange.argabrite.com *.vpn.argabrite.com *.vpn1.argabrite.com *.vpn3.argabrite.com *.vpnssl.argabrite.com *.webmail.argabrite.com *.webvpn.argabrite.com *.ww16.argabrite.com *.ww17.argabrite.com *.ww38.argabrite.com

Other domains in certificate

*.53822685-9267-4e9b-87aa-65f8b384ec71.delft.rent *.adm.delft.rent *.cedea0a0-cb13-401f-ad53-dad8a06b133c.delft.rent delft.rent *.delft.rent *.edc16dc5-c85c-4d08-8444-f4ad6c811c3d.delft.rent *.localhost.delft.rent *.stzlttest.delft.rent *.webdisk.delft.rent *.whm.delft.rent *.www.delft.rent

*.58d86c4b-ff69-4107-884c-9508e5d1e87a.nhandinhkeo.vip *.dd45f638-c403-442d-ba97-7fcac371c879.nhandinhkeo.vip *.ead.nhandinhkeo.vip *.gateway.nhandinhkeo.vip nhandinhkeo.vip *.nhandinhkeo.vip *.old.nhandinhkeo.vip *.staging.nhandinhkeo.vip *.test-api.nhandinhkeo.vip *.web.nhandinhkeo.vip

*.api.polarluck.org *.mail.polarluck.org polarluck.org *.polarluck.org *.shop.polarluck.org *.staging.polarluck.org *.store.polarluck.org *.test.polarluck.org *.testing.polarluck.org

*.0fccc289-b2b6-488b-beee-4aaaf146205d.reodx.sh *.4f565244-05c7-4838-bad3-580320e64d18.reodx.sh *.api.reodx.sh *.dev.reodx.sh *.df74484b-627c-424c-b2e9-548ba433262c.reodx.sh *.dxtgdftp.reodx.sh *.ftp.reodx.sh *.localhost.reodx.sh *.pop.reodx.sh reodx.sh *.reodx.sh *.test.reodx.sh

woodcrft.com *.woodcrft.com