SSL Certificate Analysis for app.fiforkids.net - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=nassini.click

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 20, 2026

Valid Until

August 18, 2026 65 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

8E:68:9D:40:C6:07:60:3D:02:0D:14:89:B4:1B:D4:56:3D:6A:6C:C9:C3:5C:AD:8F:D4:DC:D3:2E:7A:6F:0E:D8

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

fiforkids.net *.fiforkids.net *.app.fiforkids.net

Other domains in certificate

*.0db31087-5e32-4a29-ab6d-ab00515ef06b.brickoven.in brickoven.in *.brickoven.in *.hostmaster.brickoven.in *.m.brickoven.in *.ns1.brickoven.in *.ns2.brickoven.in

*.app.bungjp.com bungjp.com *.bungjp.com *.fcdaqweb.bungjp.com *.img.bungjp.com *.m.bungjp.com *.rd.bungjp.com *.rdweb.bungjp.com *.remote.bungjp.com *.web.bungjp.com

customtrackmasters.com *.customtrackmasters.com *.www.customtrackmasters.com

elpatronautoserviceandmufflers.de *.elpatronautoserviceandmufflers.de

*.admin.gradinata.com gradinata.com *.gradinata.com *.hostmaster.gradinata.com *.mail.gradinata.com *.mail2.gradinata.com

*.9mkkpr.hohhot.org hohhot.org *.hohhot.org *.m.hohhot.org *.www.hohhot.org

inovdesign.com *.inovdesign.com

megaaction433.shop *.megaaction433.shop

*.admin.monthdrop.com *.backups.monthdrop.com *.demo.monthdrop.com *.dev.monthdrop.com *.hostmaster.monthdrop.com *.mhqlmdev.monthdrop.com monthdrop.com *.monthdrop.com *.qa.monthdrop.com *.www.monthdrop.com

mymoviez.co *.mymoviez.co

mysteryspace616.info *.mysteryspace616.info

mywifiext.co *.mywifiext.co

nashvoss.co *.nashvoss.co

nassini.click *.nassini.click

nuroflix.site *.nuroflix.site

*.ildcard.ooov.net ooov.net *.ooov.net *.su.ooov.net *.wh00.ooov.net *.wildcard.ooov.net

rpzwf.loan *.rpzwf.loan

secretsales.co *.secretsales.co

shopsurvivalgear.co *.shopsurvivalgear.co

volnation.co *.volnation.co

*.a.zyy50.top *.b.zyy50.top *.c.zyy50.top *.d.zyy50.top *.e.zyy50.top *.g.zyy50.top *.game.zyy50.top *.i.zyy50.top *.ios.zyy50.top *.j.zyy50.top *.k.zyy50.top *.ww16.zyy50.top zyy50.top *.zyy50.top