SSL Certificate Analysis for api.grandsplace.org - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=g5g.top

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 27, 2025

Valid Until

March 27, 2026 81 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

B0:A6:D0:87:78:5E:6B:F2:26:AD:2D:6E:E4:62:2E:32:B8:D9:4F:47:37:2D:88:33:B9:4C:29:8E:0F:68:17:D1

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

grandsplace.org *.grandsplace.org *.remote.grandsplace.org

Other domains in certificate

3793643-coinbase.com *.3793643-coinbase.com *.ww25.3793643-coinbase.com

3movierulzz.com *.3movierulzz.com

*.48276.userapi.co

appsbuybd.xyz *.appsbuybd.xyz

axon-rewards.live *.axon-rewards.live

countrypaving.net *.countrypaving.net

*.acosu-aoesmn.g5g.top g5g.top *.g5g.top

haconcepts.de *.haconcepts.de

hettich-metalltech.de *.hettich-metalltech.de

jdfrgrwhldnyeka.net *.jdfrgrwhldnyeka.net

*.a.mgmts.co *.b.mgmts.co *.c.mgmts.co *.d.mgmts.co *.f.mgmts.co *.i.mgmts.co *.j.mgmts.co *.l.mgmts.co *.m.mgmts.co mgmts.co *.mgmts.co *.o.mgmts.co *.q.mgmts.co *.s.mgmts.co *.u.mgmts.co *.w.mgmts.co *.ww25.mgmts.co *.x.mgmts.co *.z.mgmts.co

mizbau.de *.mizbau.de

mlebxituhfpjxq.net *.mlebxituhfpjxq.net

ofilmyzilla.click *.ofilmyzilla.click

pacificliftbd.com *.pacificliftbd.com

pleasuremeet.com *.pleasuremeet.com

*.m1.rqfylya.com *.m10.rqfylya.com *.m12.rqfylya.com *.m16.rqfylya.com *.m20.rqfylya.com *.m21.rqfylya.com *.m26.rqfylya.com *.m29.rqfylya.com *.m36.rqfylya.com *.m38.rqfylya.com *.m40.rqfylya.com rqfylya.com *.rqfylya.com

sherabling.org *.sherabling.org

stakinghype.com *.stakinghype.com

superbiryaninepal.com *.superbiryaninepal.com

thelordbutecardiff.co.uk *.thelordbutecardiff.co.uk

*.dataix-by-minsk.userapi.co *.goo.userapi.co *.sun6-20.userapi.co *.sun6-23.userapi.co *.sun9-35.userapi.co *.sun9-47.userapi.co *.sun9-5.userapi.co *.sun9-7.userapi.co *.sun9-77.userapi.co *.ufanet.userapi.co userapi.co *.userapi.co

vintageairsoft.co.uk *.vintageairsoft.co.uk

z2fxdzbukv193d92h2t3.net *.z2fxdzbukv193d92h2t3.net