Security Score: 76/100
Certificate Information
Subject: CN=westillo.com
Issuer: C=US, O=Let's Encrypt, CN=R12
Valid From: January 09, 2026
Valid Until: April 09, 2026 (64 days)
Public Key: RSA, 4096 bit (Strong)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: F6:76:C1:4A:37:61:9A:14:4B:F1:1B:9E:77:18:6B:D4:54:A6:B1:76:FE:E7:F0:C9:CA:AF:A2:4C:9F:77:D4:43
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (Status)
Strict-Transport-Security: Missing (Not configured)
Content-Security-Policy: Missing (Not configured)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Add Strict-Transport-Security header with max-age of at least 1 year
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
89 domains