SSL Certificate Analysis for urmann.com - Security Grade & TLS Configuration

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=probably.today

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 09, 2026

Valid Until

April 09, 2026 53 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

16:E8:A6:0D:87:30:A7:6E:59:ED:32:44:96:EE:FB:B9:49:32:A9:92:BC:89:B2:38:8E:53:39:ED:9A:11:35:E2

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

urmann.com *.urmann.com *.app1.urmann.com *.auktion.urmann.com *.portal.urmann.com *.random.urmann.com *.ssl.urmann.com *.ww38.urmann.com *.www.urmann.com

Other domains in certificate

aroca.com *.aroca.com *.beta.aroca.com *.centroesteticoirene.aroca.com *.correo.aroca.com *.mail8.aroca.com *.moises.aroca.com *.mx10.aroca.com *.owa.aroca.com *.securesmtp.aroca.com *.sitemap.aroca.com *.webmail.aroca.com *.wildcard.aroca.com *.ww16.aroca.com *.www.aroca.com

autoweek.live *.autoweek.live *.ww38.autoweek.live *.www.autoweek.live

blackdick.info *.blackdick.info *.random.blackdick.info *.ww25.blackdick.info *.ww38.blackdick.info

free.net.au *.free.net.au *.grapevine.free.net.au *.karitoo.free.net.au *.me-sv-02.free.net.au *.office.free.net.au *.random.free.net.au *.register.free.net.au *.turkey.free.net.au *.vw-26855.free.net.au

*.client.hk178.club *.gateway.hk178.club hk178.club *.hk178.club *.portal.hk178.club *.sitemaps.hk178.club *.ssl.hk178.club *.vpn.hk178.club *.web.hk178.club *.webconnect.hk178.club

learnologyempire.com *.learnologyempire.com *.www.learnologyempire.com

localcairnsplumber.online *.localcairnsplumber.online *.ww16.localcairnsplumber.online

paleo.studio *.paleo.studio *.test.paleo.studio *.ww38.paleo.studio

panty.com.au *.panty.com.au *.ww25.panty.com.au *.ww38.panty.com.au

pickday.store *.pickday.store *.ww38.pickday.store

*.mail.probably.today probably.today *.probably.today *.ww38.probably.today

puretime88.io *.puretime88.io *.ww38.puretime88.io

*.m.wbahis256.com *.random.wbahis256.com *.sitemap.wbahis256.com wbahis256.com *.wbahis256.com *.ww25.wbahis256.com *.www.wbahis256.com

*.mail5.xuanthu.com *.rdweb.xuanthu.com *.server1.xuanthu.com *.webmail.xuanthu.com xuanthu.com *.xuanthu.com