SSL Certificate Analysis for api.validi.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=darksouls.it

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

June 02, 2026

Valid Until

August 31, 2026 85 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

A3:E3:20:E0:D6:2D:50:A3:D0:5D:50:E0:62:65:E7:E0:B5:D0:50:63:61:92:B5:17:A9:54:2F:C4:A3:04:5A:CC

Alternative Names

84 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

84 domains

validi.com *.validi.com *.a.validi.com *.api.validi.com *.bb.validi.com *.ei.validi.com *.qa.validi.com *.test3.validi.com

Other domains in certificate

accfei.org *.accfei.org

*.admin.bayclub.it *.app.bayclub.it bayclub.it *.bayclub.it *.demo.bayclub.it *.hostmaster.bayclub.it *.www.bayclub.it

beadpalaceinc.com *.beadpalaceinc.com *.mail.beadpalaceinc.com *.ww25.beadpalaceinc.com *.ww38.beadpalaceinc.com

chengforjustice.com *.chengforjustice.com

computerrecovery.au *.computerrecovery.au *.ildcard.computerrecovery.au *.random.computerrecovery.au *.ww16.computerrecovery.au

comsys.au *.comsys.au *.mailserver.comsys.au

*.app.darksouls.it *.backend.darksouls.it darksouls.it *.darksouls.it *.dash.darksouls.it

*.114514.futa.com *.admission.futa.com *.brazzers.futa.com *.cartoon.futa.com *.dan.futa.com *.dmitrys.futa.com *.ds.futa.com *.edu.futa.com *.firars.futa.com futa.com *.futa.com *.gateway.futa.com *.hsoitgcmesafma.futa.com *.i.futa.com *.marie.futa.com *.naruto.futa.com *.privacy.futa.com *.random.futa.com *.remita.futa.com *.spgs.futa.com *.tiny.futa.com *.ww.futa.com *.ww38.futa.com *.www.futa.com *.xhanmers.futa.com *.xnxx.futa.com *.xvideos.futa.com *.xxx.futa.com

myhealth.cash *.myhealth.cash *.pay.myhealth.cash

*.alliedhealth.pima.cc *.brown.pima.cc pima.cc *.pima.cc *.sc.pima.cc

*.mail.ruse.com.au *.mailing.ruse.com.au *.mx.ruse.com.au ruse.com.au *.ruse.com.au *.ww11.ruse.com.au *.ww25.ruse.com.au

worlddailytips.com *.worlddailytips.com

xn--tanzbungen-deb.de *.xn--tanzbungen-deb.de