SSL Certificate Analysis for api.mitra77.bio - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=deen.academy

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 26, 2025

Valid Until

March 26, 2026 45 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

DF:7D:51:68:14:8E:9D:99:F5:5D:C1:E8:ED:80:6E:86:FD:CF:94:7F:61:F3:27:88:6F:6C:66:48:76:B2:96:49

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

mitra77.bio *.mitra77.bio *.hqzjwsitemaps.mitra77.bio *.ppnvpn0j8u.mitra77.bio *.sitemaps.mitra77.bio *.www.mitra77.bio

Other domains in certificate

*.c6u.coajs.org coajs.org *.coajs.org *.random.coajs.org *.secure.coajs.org *.t5.coajs.org *.u.coajs.org *.v.coajs.org *.ww1.coajs.org *.www.coajs.org *.y.coajs.org

curseforge.fr *.curseforge.fr

deen.academy *.deen.academy

dhaskdliewile.click *.dhaskdliewile.click *.m.dhaskdliewile.click *.ns1.dhaskdliewile.click

floress.online *.floress.online

hr8uj4.xyz *.hr8uj4.xyz *.ww38.hr8uj4.xyz *.www.hr8uj4.xyz

*.cuuho.itvn.tech *.cuuhomaytinh.itvn.tech itvn.tech *.itvn.tech

kaisar.live *.kaisar.live

kmr.com.au *.kmr.com.au *.staging.kmr.com.au

magic-wb.online *.magic-wb.online

mainymozart.org *.mainymozart.org

moviefun.website *.moviefun.website

negbio.store *.negbio.store

*.1.newsforyou.me *.3.newsforyou.me *.8.newsforyou.me *.m.newsforyou.me *.mail.newsforyou.me newsforyou.me *.newsforyou.me

*.dns.nexdns.io *.ede.nexdns.io *.edege.nexdns.io *.edge.nexdns.io *.edgle.nexdns.io nexdns.io *.nexdns.io *.test.nexdns.io

nooritv.live *.nooritv.live *.www.nooritv.live

*.autodiscover.odanielrocha.com *.design.odanielrocha.com *.mail2.odanielrocha.com odanielrocha.com *.odanielrocha.com *.redator.odanielrocha.com *.rocketinfo.odanielrocha.com

readvagabond.online *.readvagabond.online

stvbyr.tech *.stvbyr.tech

tecneics.org *.tecneics.org

tencent64.site *.tencent64.site

tftonline.site *.tftonline.site

thegivebacklv.org *.thegivebacklv.org

torched.store *.torched.store

veritasriff.org *.veritasriff.org