Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=mediaphile.io
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
March 13, 2026
Valid Until
June 11, 2026
31 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
C1:91:B8:BA:56:C7:9F:3D:5B:F1:89:82:E7:2A:D7:34:0B:99:AB:D8:8F:AF:09:30:22:A5:AA:60:BC:D4:A8:78
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
adsprogram.click
*.adsprogram.click
*.api.adsprogram.click
*.dev.adsprogram.click
*.ww38.adsprogram.click
5xprop.com
*.5xprop.com
*.in.5xprop.com
acordoresolvido.site
*.acordoresolvido.site
*.www.acordoresolvido.site
arhealthconnector.org
*.arhealthconnector.org
biografiadechile.cl
*.biografiadechile.cl
*.ww16.biografiadechile.cl
blockaccess.io
*.blockaccess.io
*.blog.blockaccess.io
*.headsortails.blockaccess.io
*.mail.blockaccess.io
*.ww25.blockaccess.io
bolatoto.live
*.bolatoto.live
*.www.bolatoto.live
codigospromocionales.online
*.codigospromocionales.online
*.comune.codigospromocionales.online
disteedroo.com
*.disteedroo.com
*.ww25.disteedroo.com
furcoat.com.au
*.furcoat.com.au
kingcomix.co
*.kingcomix.co
*.ww1.kingcomix.co
*.www.kingcomix.co
lacheesecakebakeshop.com
*.lacheesecakebakeshop.com
liquidluxury.us
*.liquidluxury.us
*.ww25.liquidluxury.us
*.www.liquidluxury.us
made-for.studio
*.made-for.studio
*.ww25.made-for.studio
mahermahmoud.com
*.mahermahmoud.com
*.ww25.mahermahmoud.com
mediaphile.io
*.mediaphile.io
*.ww38.mediaphile.io
outletsports.com
*.outletsports.com
*.ww16.outletsports.com
*.ww38.outletsports.com
phasmophobia.site
*.phasmophobia.site
*.hostmaster.pivolis.com
pivolis.com
*.pivolis.com
*.www.pivolis.com
*.cr07mjkg06409jrpf0bg.quoteit.com.au
*.cr4hkdcg06424318n3ig.quoteit.com.au
quoteit.com.au
*.quoteit.com.au
*.ww11.quoteit.com.au
rootbeer.com.au
*.rootbeer.com.au
saddlebags.com.au
*.saddlebags.com.au
stunpens.com
*.stunpens.com
*.random.thetinbox.com
thetinbox.com
*.thetinbox.com
*.httpwww.vfwpost9927.org
vfwpost9927.org
*.vfwpost9927.org
viptime.icu
*.viptime.icu
*.zf.viptime.icu
*.hostmaster.whoer.bet
whoer.bet
*.whoer.bet
*.wildcard.whoer.bet
*.ww16.whoer.bet
*.ww2.whoer.bet
xvideoshd.com
*.xvideoshd.com
Other domains in certificate