SSL Certificate Analysis for com.onfights.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=she12.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 25, 2026

Valid Until

August 23, 2026 81 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

10:4B:C2:BC:9D:46:E1:A5:91:B9:84:16:54:7A:A0:96:03:F9:76:64:9A:87:C6:98:D1:B4:3C:9B:AF:A5:64:90

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

onfights.com *.onfights.com *.com.onfights.com

Other domains in certificate

bedej.com *.bedej.com *.img1-fg.bedej.com

bonsai.wiki *.bonsai.wiki *.hostmaster.bonsai.wiki *.www.bonsai.wiki

heitmiller.com *.heitmiller.com *.ww17.heitmiller.com *.ww25.heitmiller.com *.ww31.heitmiller.com *.ww38.heitmiller.com

*.cdn.imgopt.xyz *.hostmaster.imgopt.xyz imgopt.xyz *.imgopt.xyz *.ww38.imgopt.xyz *.www.imgopt.xyz

*.admin.laughatrice.com *.co.laughatrice.com *.hostmaster.laughatrice.com laughatrice.com *.laughatrice.com *.www.laughatrice.com

*.factory.leyjaypharm.com leyjaypharm.com *.leyjaypharm.com

*.dev.moneycasino.top moneycasino.top *.moneycasino.top

netson.co *.netson.co *.sitemap.netson.co

newjersey.com.au *.newjersey.com.au *.ww25.newjersey.com.au

refreshvoiceformteam.info *.refreshvoiceformteam.info *.u3fxlu.refreshvoiceformteam.info

*.ipv6.she12.com she12.com *.she12.com

*.ebppsmtpbk.taipower.xyz *.ebppsmtpt.taipower.xyz *.mail.taipower.xyz taipower.xyz *.taipower.xyz

*.6d0c829f-193f-42da-9644-aad37b055573.tranzio.info *.a.tranzio.info *.api.tranzio.info *.backup.tranzio.info *.dev.tranzio.info *.staging.tranzio.info tranzio.info *.tranzio.info *.uat.tranzio.info

*.76205e40-5049-4a6d-80fe-340ac99a3cdb.vibemarketing.ad vibemarketing.ad *.vibemarketing.ad *.www.vibemarketing.ad

*.admin.xplor.app *.app.xplor.app *.backend.xplor.app *.blog.xplor.app *.com.xplor.app *.demo.xplor.app *.dev-analytic.xplor.app *.m.xplor.app *.mail.xplor.app *.mailin1.xplor.app *.mailrelay.xplor.app *.members.xplor.app *.mx1.xplor.app *.post.xplor.app *.server.xplor.app *.shop.xplor.app *.smtp3.xplor.app *.test.xplor.app *.webmail.xplor.app *.ww53.xplor.app *.ww82.xplor.app *.www.xplor.app xplor.app *.xplor.app *.yueqamailin1.xplor.app