SSL Certificate Analysis for staging.dragonfruitog.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=bifira.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

April 07, 2026

Valid Until

July 06, 2026 73 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

63:BF:3B:82:37:82:AB:B9:26:B3:A1:EA:27:95:9B:8E:51:31:FC:48:B0:D4:E2:41:1C:75:B5:B9:4E:7D:6C:0A

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

dragonfruitog.com *.dragonfruitog.com

Other domains in certificate

bifira.com *.bifira.com

binary-winning.com *.binary-winning.com

brightstarmgmt.com *.brightstarmgmt.com

bshanahan.com *.bshanahan.com

cell-phone-for-senrs-9t2m9h9n2r4.sbs *.cell-phone-for-senrs-9t2m9h9n2r4.sbs

cta5hc8s.top *.cta5hc8s.top

cxwdxwx.click *.cxwdxwx.click

ddragxdrive.com *.ddragxdrive.com

dfuse.click *.dfuse.click

dhrcs.reviews *.dhrcs.reviews

domainotes.com *.domainotes.com

dosiogkush.com *.dosiogkush.com

dubairank.com *.dubairank.com

duct-installers-companies-ne.click *.duct-installers-companies-ne.click

durbanpoisonbud.com *.durbanpoisonbud.com

emspost.us *.emspost.us

eomxs.equipment *.eomxs.equipment

eptri.in *.eptri.in

explain.lol *.explain.lol

fhlen.reviews *.fhlen.reviews

fifa-analytics.com *.fifa-analytics.com

financemarketpro.com *.financemarketpro.com

flashsaleprop.com *.flashsaleprop.com

fldlt.com *.fldlt.com

focusmapcrew.com *.focusmapcrew.com

focusmaphub.com *.focusmaphub.com

fpkjw.reviews *.fpkjw.reviews

fragrancia.shop *.fragrancia.shop

fxyxq.town *.fxyxq.town

gearjunior.com *.gearjunior.com

geonh.net *.geonh.net

greencrackflower.com *.greencrackflower.com

maxmillets.com *.maxmillets.com

mbaumbach.com *.mbaumbach.com

mdxld.town *.mdxld.town

medsworld.guru *.medsworld.guru

meetstarpostmarketing.com *.meetstarpostmarketing.com

mjavo.town *.mjavo.town

rveum.com *.rveum.com

sarl.solutions *.sarl.solutions

sdf3n2u6.top *.sdf3n2u6.top

sdnbo.reviews *.sdnbo.reviews

securitysolutionfuture.pro *.securitysolutionfuture.pro

shtf4tn.top *.shtf4tn.top