SSL Certificate Analysis for yan.org - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=marketingplus.it

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 22, 2026

Valid Until

May 23, 2026 88 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

D7:8D:87:20:B8:BE:63:EB:D1:3F:43:6C:AA:54:84:CE:B4:EC:BB:71:89:25:1B:E3:EB:84:B4:BB:6F:F4:7D:C1

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

yan.org *.yan.org *.reg.yan.org

Other domains in certificate

008555.com *.008555.com *.api.008555.com *.inmoje.008555.com

*.api.canbmboom.qpon *.app.canbmboom.qpon canbmboom.qpon *.canbmboom.qpon *.egyptpost.canbmboom.qpon *.marketing.canbmboom.qpon *.members.canbmboom.qpon *.qa.canbmboom.qpon *.stg.canbmboom.qpon *.test.canbmboom.qpon *.v2.canbmboom.qpon *.www.canbmboom.qpon

*.cd8c3b31-f114-4624-966e-abad1ad82381.cyouhalte66.cyou cyouhalte66.cyou *.cyouhalte66.cyou

*.ftp.glnkaronioasdalibes.cyou glnkaronioasdalibes.cyou *.glnkaronioasdalibes.cyou *.pop.glnkaronioasdalibes.cyou *.www.glnkaronioasdalibes.cyou

*.bi.grandmarais.it *.dashboard.grandmarais.it *.demo.grandmarais.it *.forecast.grandmarais.it grandmarais.it *.grandmarais.it *.intel.grandmarais.it *.metrics.grandmarais.it

ketbank.com *.ketbank.com *.letter.ketbank.com

*.api.levignette.it *.dashboards.levignette.it levignette.it *.levignette.it *.mail.levignette.it *.reporting.levignette.it *.staging.levignette.it

*.landed.marketingplus.it marketingplus.it *.marketingplus.it

*.en90261.modernheat.pl *.gmu.modernheat.pl modernheat.pl *.modernheat.pl *.piyocis.modernheat.pl *.sport.modernheat.pl

*.hand.queengg.cyou queengg.cyou *.queengg.cyou

*.app.syncerpro.com *.m.syncerpro.com syncerpro.com *.syncerpro.com *.www.syncerpro.com

*.random.techiebuy.com techiebuy.com *.techiebuy.com

thelorneglasgow.com *.thelorneglasgow.com *.ww25.thelorneglasgow.com

*.1337x.unblocked.live *.btscene.unblocked.live *.extratorrent.unblocked.live *.eztv.unblocked.live *.libgen.unblocked.live *.movie25.unblocked.live *.projectfreetv.unblocked.live *.putlocker.unblocked.live *.seventorrents.unblocked.live *.torrentbutler.unblocked.live *.torrentdownloads.unblocked.live *.torrentfunk.unblocked.live *.torrentreactor.unblocked.live unblocked.live *.unblocked.live

*.card.voov.site *.internet.voov.site *.mbox.voov.site voov.site *.voov.site *.webmail.voov.site