SSL Certificate Analysis for ci.huidou.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=lifetimecosmetics.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

March 07, 2026

Valid Until

June 05, 2026 57 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

98:86:6C:58:98:4A:5B:90:30:14:B3:DF:E4:B2:0A:EC:D7:49:A1:1E:A2:43:EF:0B:1E:61:1E:D5:0C:14:C3:4C

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

huidou.com *.huidou.com *.ci.huidou.com *.jenkins.huidou.com *.pool.huidou.com *.test.huidou.com *.ww16.huidou.com

Other domains in certificate

altekone.org *.altekone.org *.anikamarcella.altekone.org *.briamichele.altekone.org *.dallasaddison.altekone.org *.julietheresa.altekone.org *.kelseashakira.altekone.org *.staciecolleen.altekone.org *.stacijamie.altekone.org

baggy.it *.baggy.it *.mx.baggy.it *.remote.baggy.it

*.3d14adc2-4b25-42cc-8257-1cf5b7a53a0c.binance-a.navy *.9ea3ae61-0a50-4706-b044-d8290f8f3a70.binance-a.navy *.admin.binance-a.navy *.api.binance-a.navy *.app.binance-a.navy *.b6b58d15-a5f1-4736-969e-58c483d21219.binance-a.navy binance-a.navy *.binance-a.navy *.bot.binance-a.navy *.dashboard.binance-a.navy *.demo.binance-a.navy *.dev.binance-a.navy *.ftp.binance-a.navy *.hostmaster.binance-a.navy *.m.binance-a.navy *.panel.binance-a.navy *.qir4fuyutizn5d5qow6qic51f5pio2wz.binance-a.navy *.random.binance-a.navy *.test.binance-a.navy *.user.binance-a.navy *.www.binance-a.navy

caswex.com *.caswex.com

*.2isk5.cqszx.com.cn cqszx.com.cn *.cqszx.com.cn *.yyd9f3.cqszx.com.cn

*.api.falchi.it *.data.falchi.it *.demo.falchi.it *.email.falchi.it falchi.it *.falchi.it *.mx.falchi.it *.p.falchi.it *.staging.falchi.it *.superset.falchi.it

*.demo.hotelfes.com hotelfes.com *.hotelfes.com *.www.hotelfes.com

*.http.jernih.com jernih.com *.jernih.com *.m.jernih.com *.random.jernih.com *.store.jernih.com *.wiki.jernih.com *.ww16.jernih.com *.ww17.jernih.com *.ww25.jernih.com

lifetimecosmetics.com *.lifetimecosmetics.com *.vpn.lifetimecosmetics.com *.www.lifetimecosmetics.com

*.c.masterleague.net masterleague.net *.masterleague.net *.ww25.masterleague.net

*.email.meadwood.com *.files.meadwood.com meadwood.com *.meadwood.com

memestudio.co *.memestudio.co

moxing.cam *.moxing.cam *.www.moxing.cam