SSL Certificate Analysis for app.firstmillionai.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=9yht.cc

Issuer

C=US, O=Let's Encrypt, CN=YR2

Valid From

June 10, 2026

Valid Until

September 08, 2026 79 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F3:3B:FD:FB:C9:2B:E4:2C:B8:DE:66:2C:0A:30:97:47:E0:BE:C4:FD:C6:3C:30:4E:D1:AE:40:BF:C2:D8:F9:EA

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

firstmillionai.com *.firstmillionai.com

Other domains in certificate

9yht.cc *.9yht.cc

a2aepoch.com *.a2aepoch.com

abtmstore.com *.abtmstore.com

anywairliv.com *.anywairliv.com

awjih.gdn *.awjih.gdn

bcap.xyz *.bcap.xyz

beautyloves.live *.beautyloves.live

boldwindpath.com *.boldwindpath.com

bozza.xyz *.bozza.xyz

ccsa.xyz *.ccsa.xyz

conversionhk.agency *.conversionhk.agency

ctcinstituteteam.com *.ctcinstituteteam.com

djwzwup352.vip *.djwzwup352.vip

dosomailwck.bid *.dosomailwck.bid

earthtorgw.com *.earthtorgw.com

ee881.top *.ee881.top

elaine665.my *.elaine665.my

ergtrust.com *.ergtrust.com

esst.xyz *.esst.xyz

fairmarkt.co *.fairmarkt.co

fk71x.top *.fk71x.top

fluxentequity.org *.fluxentequity.org

forcer.co *.forcer.co

gameaviator.dev *.gameaviator.dev

gamemines.org *.gamemines.org

gina506.my *.gina506.my

glux29t4th9jgd.cc *.glux29t4th9jgd.cc

gogocloudapp.com *.gogocloudapp.com

goldenempirevn.info *.goldenempirevn.info

greygoose.xyz *.greygoose.xyz

groundeddiycrafts.live *.groundeddiycrafts.live

hj25may19f.top *.hj25may19f.top

hjd366.com *.hjd366.com

hthix.loan *.hthix.loan

hyyup.mom *.hyyup.mom

ibrahimkreidieh.net *.ibrahimkreidieh.net

ideasparkaipartners.com *.ideasparkaipartners.com

iloqs55.com *.iloqs55.com

imsc.xyz *.imsc.xyz

jkobd.vip *.jkobd.vip

justiicemate.net *.justiicemate.net

ke999.my *.ke999.my

kerfl.vip *.kerfl.vip