SSL Certificate Analysis for csitj.cn - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=nazas.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

May 18, 2026

Valid Until

August 16, 2026 59 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

B3:C2:3D:5F:01:5C:B4:F4:16:03:29:A3:36:64:BC:20:C8:22:BF:61:60:E4:7E:E5:3D:18:70:BC:E7:7F:AC:96

Alternative Names

88 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

88 domains

csitj.cn *.csitj.cn

Other domains in certificate

448379v.cc *.448379v.cc *.www.448379v.cc

cadastroonlineparaoenem.info *.cadastroonlineparaoenem.info

cadastroonlineparaoenem2025.info *.cadastroonlineparaoenem2025.info

casselenia.co *.casselenia.co

championsnewagenttraining.info *.championsnewagenttraining.info

chaturbatr.co *.chaturbatr.co

checkthisyo.com *.checkthisyo.com

comostone.co *.comostone.co

comvsco.co *.comvsco.co *.youtube.comvsco.co

conflictnations.co *.conflictnations.co

crisanet.org *.crisanet.org

cryra.com *.cryra.com

cunninlynguists.co *.cunninlynguists.co

dagame.co *.dagame.co

davewalterbmw.com *.davewalterbmw.com

dehaasdesign.co *.dehaasdesign.co

dfyprompt.co *.dfyprompt.co

dimesisepuede.com *.dimesisepuede.com

dollarstream.co *.dollarstream.co

drchawtoo.co *.drchawtoo.co

gptyou.xyz *.gptyou.xyz *.tm.gptyou.xyz

*.img1-fg.nazas.com nazas.com *.nazas.com

*.img5.slotomaniaonline.top slotomaniaonline.top *.slotomaniaonline.top

thefutureagency.com *.thefutureagency.com

tonykim.co *.tonykim.co

tpb-visit.me *.tpb-visit.me

tsescort.co *.tsescort.co *.ww38.tsescort.co

tube8live.co *.tube8live.co

tuki.mx *.tuki.mx

uyomj.top *.uyomj.top

vipbaskets.co *.vipbaskets.co

westcoastolivecompany.co *.westcoastolivecompany.co

wrvni.qpon *.wrvni.qpon

wsoctv.co *.wsoctv.co

xn--55qx5dk2zqv1b.com *.xn--55qx5dk2zqv1b.com

*.sitemaps.xn--in2b73z.com xn--in2b73z.com *.xn--in2b73z.com

xn--xuu57c20r4xa.com *.xn--xuu57c20r4xa.com

*.apple9.xn--yet.com xn--yet.com *.xn--yet.com

yoexo.com *.yoexo.com