SSL Certificate Analysis for bagaceira.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=livekindlly.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 12, 2026

Valid Until

May 13, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

83:9A:FE:2E:A8:68:53:58:F4:50:64:6F:A6:4F:A6:E1:75:1A:EA:13:09:36:F4:E4:F9:F4:F0:36:DF:2F:62:F3

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

bagaceira.com *.bagaceira.com

Other domains in certificate

805769.club *.805769.club

*.0b1933e3-87a7-491e-8e3d-74aa34553ec8.coffeeonape.xyz *.1yme1.coffeeonape.xyz *.2194l.coffeeonape.xyz *.3ugcn.coffeeonape.xyz *.78z68.coffeeonape.xyz *.89wkp.coffeeonape.xyz *.api.coffeeonape.xyz *.ayfpk.coffeeonape.xyz *.bbtzml7nqb.coffeeonape.xyz coffeeonape.xyz *.coffeeonape.xyz *.d.coffeeonape.xyz *.demo.coffeeonape.xyz *.fcvkr.coffeeonape.xyz *.fdy0p.coffeeonape.xyz *.gcn.coffeeonape.xyz *.images.coffeeonape.xyz *.jyassntqrbshop.coffeeonape.xyz *.l7nqb.coffeeonape.xyz *.mail1.coffeeonape.xyz *.ntqrbshop.coffeeonape.xyz *.portal.coffeeonape.xyz *.pwb3b.coffeeonape.xyz *.ricpznktjv.coffeeonape.xyz *.snx68.coffeeonape.xyz *.u46cv.coffeeonape.xyz *.wsct4.coffeeonape.xyz

*.admin.livekindlly.com livekindlly.com *.livekindlly.com *.mail.livekindlly.com *.staging.livekindlly.com *.ww7.livekindlly.com

*.admin.longevidad.ac longevidad.ac *.longevidad.ac *.support.longevidad.ac *.uiwmiadmin.longevidad.ac

*.dw.niceink.cc *.img.niceink.cc *.mta-sts.niceink.cc niceink.cc *.niceink.cc *.zg.niceink.cc

*.dashboard.ppppgaad.com *.demo.ppppgaad.com *.gwencbackup.ppppgaad.com *.hostmaster.ppppgaad.com *.marketing.ppppgaad.com ppppgaad.com *.ppppgaad.com *.qa.ppppgaad.com *.remote.ppppgaad.com *.shop.ppppgaad.com *.staging2.ppppgaad.com *.test.ppppgaad.com *.xajwrvtrorcloud.ppppgaad.com

quickhomeloans.com.au *.quickhomeloans.com.au

radiounicalaplata.com *.radiounicalaplata.com *.sitio2018.radiounicalaplata.com *.webdisk.radiounicalaplata.com

*.academy.royalmedicalservices.com *.admin.royalmedicalservices.com *.journal.royalmedicalservices.com royalmedicalservices.com *.royalmedicalservices.com *.verify-certificate.royalmedicalservices.com

talkbootspharmacy.com *.talkbootspharmacy.com

*.api.terribile.com terribile.com *.terribile.com

*.52ec567f-b028-4a9b-98e7-999ede77541d.tuberplay.com *.localhost.tuberplay.com tuberplay.com *.tuberplay.com *.ww38.tuberplay.com

worldofgarb.com *.worldofgarb.com

*.secure.yoloactive.academy *.test.yoloactive.academy yoloactive.academy *.yoloactive.academy