SSL Certificate Analysis for wwwicsgroup.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=wwwicsgroup.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 10, 2026

Valid Until

May 11, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

13:C5:AA:2E:B9:C9:86:87:A6:7E:10:10:67:E2:22:04:59:A7:AE:CF:02:FF:6F:C4:99:67:BF:D4:6A:2B:0D:0E

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

wwwicsgroup.com *.wwwicsgroup.com *.random.wwwicsgroup.com

Other domains in certificate

46481.com *.46481.com *.admin.46481.com *.autodiscover.46481.com *.blog.46481.com *.demo.46481.com *.forum.46481.com *.forums.46481.com *.help.46481.com *.hostmaster.46481.com *.mx.46481.com *.out.46481.com *.smtpmail.46481.com *.ww16.46481.com *.www.46481.com

adscenter.click *.adscenter.click *.analytic.adscenter.click *.autoconfig.adscenter.click *.cpcalendars.adscenter.click *.ww25.adscenter.click *.www.adscenter.click

andreaegli.tech *.andreaegli.tech *.dev.andreaegli.tech

*.com.doob.studio doob.studio *.doob.studio *.garden.doob.studio *.growers.doob.studio *.humansayings.doob.studio *.kalimbanotes.doob.studio *.net.doob.studio *.strainology.doob.studio

*.api.gurden.com *.app.gurden.com *.assets.gurden.com *.backup.gurden.com *.blog.gurden.com *.cadastro.gurden.com *.dev.gurden.com gurden.com *.gurden.com *.hostmaster.gurden.com *.live.gurden.com *.mail01.gurden.com *.radio.gurden.com *.rodeo.gurden.com *.sitemaps.gurden.com *.staging.gurden.com *.test.gurden.com *.vpn.gurden.com *.ww16.gurden.com *.ww38.gurden.com

majusampaibulan1.click *.majusampaibulan1.click

*.control.otogaz.com *.mavi.otogaz.com otogaz.com *.otogaz.com *.sitemap.otogaz.com *.users.otogaz.com *.ww25.otogaz.com

suryacomic.com *.suryacomic.com

*.m.therapizewithchelsea.com *.sitemaps.therapizewithchelsea.com therapizewithchelsea.com *.therapizewithchelsea.com

vinril.click *.vinril.click

weloveboys.net *.weloveboys.net

*.bangdaihocgiare.xemphimsexhay.com *.bantuixachgiare.xemphimsexhay.com *.lambangcapba.xemphimsexhay.com *.lambangdaihocgiare.xemphimsexhay.com *.lambangdaihocgiarevn.xemphimsexhay.com *.tuixachkoreshop.xemphimsexhay.com xemphimsexhay.com *.xemphimsexhay.com *.xemtruyenchu.xemphimsexhay.com *.xemtruyenhay.xemphimsexhay.com

*.010.yieldfile.online yieldfile.online *.yieldfile.online