SSL Certificate Analysis for ww1.illus.com - Security Grade & TLS Configuration

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=iwt.services

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 01, 2026

Valid Until

May 02, 2026 77 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

CF:54:A1:B0:98:04:80:D8:6F:E0:8F:50:8D:0E:AC:16:F6:63:8E:9E:08:B7:E8:4A:EE:91:91:C1:25:9E:B8:7D

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

illus.com *.illus.com *.remote.illus.com

Other domains in certificate

beekmanstudios.com *.beekmanstudios.com *.newark.beekmanstudios.com

bprdanamltra.com *.bprdanamltra.com *.gitlab.bprdanamltra.com *.secure.bprdanamltra.com *.shiga2n.bprdanamltra.com

*.9862d745-380f-454d-b081-f977ab46e074.chinaworkstation.com chinaworkstation.com *.chinaworkstation.com

*.comune.zpc.com.pl *.hostmaster.zpc.com.pl *.m.zpc.com.pl *.mail.zpc.com.pl *.www.zpc.com.pl zpc.com.pl *.zpc.com.pl

*.anthony.dohoney.com dohoney.com *.dohoney.com *.journal.dohoney.com

eastcalling.cc *.eastcalling.cc *.m.eastcalling.cc *.mx.eastcalling.cc

*.it.iwt.services iwt.services *.iwt.services *.sitemaps.iwt.services

jimmarascott.com *.jimmarascott.com *.pay.jimmarascott.com

*.m.oktoon.org oktoon.org *.oktoon.org *.sitemaps.oktoon.org *.uat.oktoon.org *.ww25.oktoon.org

*.faq.psbo.eu *.forum.psbo.eu *.hostmaster.psbo.eu psbo.eu *.psbo.eu *.random.psbo.eu *.shop.psbo.eu *.wiki.psbo.eu *.www.psbo.eu

rowlen.com *.rowlen.com *.vpn.rowlen.com

*.amp.rtv.es *.aquihaytrabajo.rtv.es *.bebel.rtv.es *.blog.rtv.es *.doctor.rtv.es *.endirecto.rtv.es *.eswww.rtv.es *.google.rtv.es *.lab.rtv.es *.loshijosdebabel.rtv.es *.movil.rtv.es *.muchchdanui.rtv.es *.play.rtv.es *.redes.rtv.es rtv.es *.rtv.es *.sabervivir.rtv.es *.ww25.rtv.es

*.rds.saille.com saille.com *.saille.com

*.ebay.shakhes.com shakhes.com *.shakhes.com

*.a902e30c-0daa-4f5f-85e1-2811e3d2906d.tendar.tech tendar.tech *.tendar.tech

*.mx7.thehaircuttery.com *.ns1.thehaircuttery.com *.ns2.thehaircuttery.com thehaircuttery.com *.thehaircuttery.com

*.mail.yajj.com yajj.com *.yajj.com