SSL Certificate Analysis for store.check.organic - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=3jb.xyz

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

April 30, 2026

Valid Until

July 29, 2026 74 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

69:5C:EE:8D:35:FD:7E:6B:CA:16:C5:EC:15:D4:A7:B7:03:15:42:BC:B2:F6:33:A3:C8:94:D2:E1:A1:11:23:54

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

check.organic *.check.organic *.0a81da90-5789-48f0-b1f7-b8d3f29ca5f2.check.organic *.api.check.organic *.b0d44391-9125-4875-922d-7fc325bf8759.check.organic *.caramel.check.organic *.dev.check.organic *.fkczedev.check.organic *.hostmaster.check.organic *.magento.check.organic *.mail.check.organic *.members.check.organic *.metrics.check.organic *.mx.check.organic *.new.check.organic *.random.check.organic *.store.check.organic *.test.check.organic *.webmail.check.organic *.www.check.organic

Other domains in certificate

3jb.xyz *.3jb.xyz *.h0p.3jb.xyz *.ww25.3jb.xyz *.ww38.3jb.xyz

anterior.it *.anterior.it *.hostmaster.anterior.it

bowling.network *.bowling.network *.hostmaster.bowling.network

cafetamworth.uk *.cafetamworth.uk

cashcow.studio *.cashcow.studio

climatemanual.org *.climatemanual.org *.ww25.climatemanual.org

*.app.empresarioia.digital *.assets.empresarioia.digital *.db9b4e04-a1b8-413c-9358-a9655a8fb1e6.empresarioia.digital *.dev.empresarioia.digital empresarioia.digital *.empresarioia.digital *.test.empresarioia.digital *.v1pkx5.empresarioia.digital

forexforum.it *.forexforum.it *.mail.forexforum.it

*.25.hjaf3c.top hjaf3c.top *.hjaf3c.top *.m.hjaf3c.top *.ww17.hjaf3c.top

innocenthing.com *.innocenthing.com *.ww6.innocenthing.com *.www6.innocenthing.com

jackiespetfoods.co.uk *.jackiespetfoods.co.uk

jlautosales.com *.jlautosales.com

mcdonalds-froschmeier.de *.mcdonalds-froschmeier.de *.office.mcdonalds-froschmeier.de

*.admin.nuoc.it *.backend.nuoc.it *.dash.nuoc.it *.dashboard.nuoc.it *.dashboards.nuoc.it *.hostmaster.nuoc.it nuoc.it *.nuoc.it *.staging.nuoc.it *.visual.nuoc.it *.www.nuoc.it *.xn--m-jwm.nuoc.it *.ycs.nuoc.it

paperio.biz *.paperio.biz *.ww25.paperio.biz

samaki.store *.samaki.store

satsuma.life *.satsuma.life *.schedule.satsuma.life

*.akdnofiy.zhenyitech.it.com *.mta-sts.zhenyitech.it.com zhenyitech.it.com *.zhenyitech.it.com