SSL Certificate Analysis for analytic.laptic.site - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=suncrown.com.tw

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 09, 2026

Valid Until

April 09, 2026 62 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

38:4B:48:7F:77:49:BF:15:E2:6A:E8:FE:50:4A:60:34:F7:61:B3:5E:11:E3:43:5D:D6:3F:E3:68:68:AA:A0:39

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

laptic.site *.laptic.site *.5m2n5b.laptic.site *.analytic.laptic.site *.api.laptic.site *.app.laptic.site *.e7we06f5a5zanvn6.laptic.site *.random.laptic.site

Other domains in certificate

5557bet.bet *.5557bet.bet

altinustuninsan.xyz *.altinustuninsan.xyz *.s4wra8s.altinustuninsan.xyz *.si9zgif.altinustuninsan.xyz *.webmail.altinustuninsan.xyz

bloxshader.com *.bloxshader.com *.whatsapp.bloxshader.com

carelonbehaviralhealth.com *.carelonbehaviralhealth.com

*.spam.suncrown.com.tw *.stmail.suncrown.com.tw suncrown.com.tw *.suncrown.com.tw *.test.suncrown.com.tw *.www.suncrown.com.tw

*.anyconnect.fidelia73c.de *.client.fidelia73c.de *.connect.fidelia73c.de fidelia73c.de *.fidelia73c.de *.gateway.fidelia73c.de *.mobile.fidelia73c.de *.office.fidelia73c.de *.secure.fidelia73c.de *.sitemap.fidelia73c.de *.sslvpn.fidelia73c.de *.studentsvpn.fidelia73c.de *.vpn1.fidelia73c.de *.vpn2.fidelia73c.de *.vpnssl.fidelia73c.de *.web.fidelia73c.de *.webconnect.fidelia73c.de *.webvpn.fidelia73c.de

germanalvarez.online *.germanalvarez.online *.random.germanalvarez.online

greenlandsequestriancentre.co.uk *.greenlandsequestriancentre.co.uk

homestay.co.uk *.homestay.co.uk *.ww2.homestay.co.uk

huppe.studio *.huppe.studio

icchhahotel.com *.icchhahotel.com

ieeeghicast2024.org *.ieeeghicast2024.org *.whm.ieeeghicast2024.org

kapark.store *.kapark.store *.sitemap.kapark.store

*.autoconfig.myiq1.com myiq1.com *.myiq1.com *.webmail.myiq1.com *.ww25.myiq1.com

noreengraphics.com *.noreengraphics.com *.whm.noreengraphics.com

*.marz.offtime.site offtime.site *.offtime.site

*.aviator-official.play-maket.store *.officialgame.play-maket.store play-maket.store *.play-maket.store *.tigrobr.play-maket.store

sugarplayfree1.com *.sugarplayfree1.com

*.nostalgialodela.tcgcapital.co tcgcapital.co *.tcgcapital.co *.www.tcgcapital.co

*.admin.toru.top *.alpha.toru.top *.notexistsbeta.toru.top toru.top *.toru.top *.wildcard.toru.top