SSL Certificate Analysis for us.pecado.io - Security Grade & TLS Configuration

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=aroundthelake.it

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 11, 2026

Valid Until

May 12, 2026 88 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

8C:01:2C:A2:AA:AE:BE:70:39:FC:1F:50:43:8E:3B:4B:0C:57:9F:23:A0:C4:08:9E:96:50:A7:9B:C0:13:9F:73

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

pecado.io *.pecado.io *.accounts.pecado.io *.admin.pecado.io *.aix-app.pecado.io *.api.pecado.io *.app.pecado.io *.auth.pecado.io *.demo.pecado.io *.kr.pecado.io *.ph.pecado.io *.services.pecado.io *.th.pecado.io *.us.pecado.io *.www.pecado.io

Other domains in certificate

*.admin.americantek.com americantek.com *.americantek.com *.api.americantek.com *.dev.americantek.com *.hostmaster.americantek.com *.m.americantek.com *.mail5.americantek.com *.mta-sts.americantek.com *.owa.americantek.com *.rustore.americantek.com *.sitemap.americantek.com *.sitemaps.americantek.com *.staging.americantek.com *.test.americantek.com *.ww17.americantek.com *.ww25.americantek.com *.ww38.americantek.com *.ww5.americantek.com *.ytvooj2qgz.americantek.com

andherinyt.in *.andherinyt.in *.services.andherinyt.in *.sitemap.andherinyt.in *.spring.andherinyt.in *.user.andherinyt.in

arisconcept.com *.arisconcept.com *.autoconfig.arisconcept.com *.autodiscover.arisconcept.com *.barracuda2.arisconcept.com *.dev.arisconcept.com *.qa.arisconcept.com *.webmail.arisconcept.com

aroundthelake.it *.aroundthelake.it *.data.aroundthelake.it *.serenella.aroundthelake.it *.tsui.aroundthelake.it

*.autodiscover.differentbydesign.co *.cpanel.differentbydesign.co *.dc-5bbe259daf28.differentbydesign.co differentbydesign.co *.differentbydesign.co *.mail.differentbydesign.co *.staging2.differentbydesign.co *.webdisk.differentbydesign.co *.webmail.differentbydesign.co *.www.differentbydesign.co

*.comune.dongma.com dongma.com *.dongma.com *.jiangongyunlian.dongma.com *.marathon.dongma.com

*.39ir6.gb777.cfd *.7f8d4966-f0ab-44e3-99de-a84a3bf9fae0.gb777.cfd *.96c54.gb777.cfd gb777.cfd *.gb777.cfd *.he00g.gb777.cfd *.ir6.gb777.cfd *.store.gb777.cfd *.u46cv.gb777.cfd *.zyu43.gb777.cfd

*.cpanel.myhomebuilders.com.au *.cpcalendars.myhomebuilders.com.au *.hotfix.myhomebuilders.com.au myhomebuilders.com.au *.myhomebuilders.com.au

*.authsmtp.whichonlinestore.com.au *.random.whichonlinestore.com.au whichonlinestore.com.au *.whichonlinestore.com.au *.ww16.whichonlinestore.com.au