SSL Certificate Analysis for bebegimindanismani.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=aicommand.xyz

Issuer

C=US, O=Google Trust Services, CN=WR3

Valid From

October 05, 2025

Valid Until

January 03, 2026 53 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

16:AC:50:C3:B5:2A:7E:56:DA:62:DC:4E:FC:29:EB:F5:ED:36:29:C6:B6:60:98:63:CF:25:26:39:58:7A:DB:A2

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31556926

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

bebegimindanismani.com

Other domains in certificate

202strong.com

macys-cert.3dcloud.io

thechathamgroup.3diq.com

aicommand.xyz

allybike.com

almuerza.co

altijdbuiten.nl

apexcryptoloans.com

www.apftapp.com

aponiar.com

asianassignmenthelp.com

www.assinare.com.br

atomslearning.com

www.awhitehouse.net

www.baisampayans.com

apiv1.balamlabs.com

admin.balin.app

barboneitsolutions.com

admin.beleco.com

bjjcompete.com

dev-admin.bluewhale.kr

www.brainticklerband.com

www.burningmanstory.com

auth.captionly.co

webar.cedzlabs.com

chatondearu.fr

www.my.chessvision.ai

circumexperiencia.com

www.moca.co.in

retro.codezero.xyz

www.collegeoptionsfoundation.net

sundae.comicsans.games

staging-assets.connexusdigital.com

www.craftyspeechtherapy.com

cryptopollitos.com

cyclonic-sound.com

dailygameslink.com

decormood.mx

www.dosa-n-curry.com

myshipments.dpdlocal.co.uk

gandalf.dslrteam.com

dud.org

eightbitmafia.com

elementstest.com

ellistrin.com

www.epic.horse

online.flexstudio.co.za

admin.fmad.ca

form-handler.cc

www.forsalebymaker.com

futab.de

www.gief.app

glorybound.me

hhomeycares.com

jstara.org

kraijenoord.com

oshitate.kunimasu.com

auth.letscooknow.es

testdom-dev1.lfv.jp

www.lisaochmartin.se

www.longpham.ca

admin.lytte.app

www.marulamining.com

masterstkd.ca

www.mbanqer.com

www.mikel.io

link.moodby.com

mxsofieraven.com

www.mymodelrailroad.app

employeesassets.mysuperops.com

nestays.in

nobuco.at

app.nushala.com

app.petparker.com.br

blue.pwnd-nest.fr

disney-dashboard.redeam.io

assets.retreatyourself.com

app.roccai.com

ares.serenefire.com

link.serveats.in

ship-pro.io

www.shizen.vc

simpleclub.be

inspection.skyworker.no

slacklah.sg

blog.smokinserver.com

tealy.app

www.tekhand.com.br

uchidatomohisa.com

tecnolite.vende.io

televindu.vilmer.no

press.staging.weezer.fr

www.staff.portable.wellon-sol.jp

backgammon-links.wini.games

www.wqems.eu

yourshoppinglist.net

www.zerocoding.in

zio.games

chat.zwartbaard.com