SSL Certificate Analysis for uat.cap88.pro - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=botmass.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

April 24, 2026

Valid Until

July 23, 2026 65 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

14:9B:0A:10:39:EE:D9:B9:8E:6B:77:E2:13:DE:51:B7:1E:C7:EF:FA:3B:8A:2B:B5:7E:E5:B6:7A:00:AD:14:D0

Alternative Names

87 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

87 domains

cap88.pro *.cap88.pro *.api.cap88.pro *.app.cap88.pro *.backup.cap88.pro *.dev.cap88.pro *.members.cap88.pro *.new.cap88.pro

Other domains in certificate

*.19f93777-0997-4eb0-8609-24832ac79c79.botmass.com *.anbgeexternal.botmass.com *.app.botmass.com *.assets.botmass.com *.backup.botmass.com botmass.com *.botmass.com *.cloud.botmass.com *.demo.botmass.com *.dev.botmass.com *.external.botmass.com *.hml.botmass.com *.ngbnerds.botmass.com *.rds.botmass.com *.rdweb.botmass.com *.remote.botmass.com *.shop.botmass.com *.test.botmass.com *.www.botmass.com

*.73b22d00-6acb-47c6-83a4-d9dc7e39ab66.sulit.deals *.access.sulit.deals *.admin.sulit.deals *.api.sulit.deals *.app.sulit.deals *.apps.sulit.deals *.assets.sulit.deals *.auth.sulit.deals *.backup.sulit.deals *.blog.sulit.deals *.cloud.sulit.deals *.cloudapp.sulit.deals *.cogedrls.sulit.deals *.connect.sulit.deals *.d673dbd5-c35d-4aeb-b7be-32c5afd7e88c.sulit.deals *.dashboard.sulit.deals *.dba15b6c-59c3-4f49-a339-fd6e85612bf4.sulit.deals *.desktopstudent.sulit.deals *.dev.sulit.deals *.gateway.sulit.deals *.globalprotect.sulit.deals *.hostmaster.sulit.deals *.ivvewweb.sulit.deals *.jkhpofic.sulit.deals *.klodgbackup.sulit.deals *.lfmjoremote.sulit.deals *.luktvihw.sulit.deals *.m.sulit.deals *.mail.sulit.deals *.mailer.sulit.deals *.marketing.sulit.deals *.materiais.sulit.deals *.mnxjscqg.sulit.deals *.online.sulit.deals *.portal.sulit.deals *.prelogon.sulit.deals *.qa.sulit.deals *.rdp.sulit.deals *.rds.sulit.deals *.rds1.sulit.deals *.rdweb.sulit.deals *.remote.sulit.deals *.remoto.sulit.deals *.secure.sulit.deals *.ssl.sulit.deals *.staging.sulit.deals *.stg.sulit.deals sulit.deals *.sulit.deals *.test.sulit.deals *.ts.sulit.deals *.uat.sulit.deals *.uyhinzma.sulit.deals *.uzwypmso.sulit.deals *.v1.sulit.deals *.v2.sulit.deals *.vpn.sulit.deals *.vpnssl.sulit.deals *.web.sulit.deals *.wow.sulit.deals