Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=oneflixhd.xyz
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
May 13, 2026
Valid Until
August 11, 2026
82 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
13:F9:0B:07:3E:BB:9A:84:F9:05:BC:4B:A6:DD:3C:D8:5A:9A:2A:4F:DA:A7:62:9D:F9:72:23:20:EB:AB:E9:26
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
kindlesavers.com
*.kindlesavers.com
*.alpha.kindlesavers.com
*.beta.kindlesavers.com
*.cdn.kindlesavers.com
*.co.kindlesavers.com
*.development.kindlesavers.com
*.download.kindlesavers.com
*.german.kindlesavers.com
*.stat.kindlesavers.com
*.wap.kindlesavers.com
*.ww25.kindlesavers.com
accused.au
*.accused.au
*.ww38.accused.au
*.0d6ab799-8d40-4bbf-856c-afc5b8b366b4.aqarset.net
*.1c138512-b5e7-4583-91bd-355b1041f4e3.aqarset.net
*.api.aqarset.net
*.app.aqarset.net
aqarset.net
*.aqarset.net
*.backend.aqarset.net
*.dev.aqarset.net
*.members.aqarset.net
*.portal.aqarset.net
*.rdweb.aqarset.net
*.server.aqarset.net
*.wztqmportal.aqarset.net
*.32.astraszenecainvest.info
astraszenecainvest.info
*.astraszenecainvest.info
clic.studio
*.clic.studio
*.comune.clic.studio
*.mail.clic.studio
*.api.dwkmo.xyz
*.dev.dwkmo.xyz
dwkmo.xyz
*.dwkmo.xyz
*.mail.dwkmo.xyz
*.oubrhadmin.dwkmo.xyz
*.www.dwkmo.xyz
insneakers.de
*.insneakers.de
*.cdn.oneflixhd.xyz
*.dc-48cbcb57bee7.oneflixhd.xyz
oneflixhd.xyz
*.oneflixhd.xyz
*.ww38.oneflixhd.xyz
otalsportek-original.online
*.otalsportek-original.online
*.ww16.otalsportek-original.online
*.ww25.otalsportek-original.online
qrisdepo5000.org
*.qrisdepo5000.org
*.sql2iz.qrisdepo5000.org
rob5.us
*.rob5.us
*.usww38.rob5.us
*.ww38.rob5.us
*.api.sde-bhexmanjkt.org
*.app.sde-bhexmanjkt.org
*.dev.sde-bhexmanjkt.org
*.f8dbbb13-882d-462b-8385-4fedbe6e3479.sde-bhexmanjkt.org
sde-bhexmanjkt.org
*.sde-bhexmanjkt.org
*.staging.sde-bhexmanjkt.org
*.testing.sde-bhexmanjkt.org
*.un4xqa.sde-bhexmanjkt.org
*.admin.showersets.com
*.app.showersets.com
*.dev.showersets.com
showersets.com
*.showersets.com
thekingdomofstuffedanimals.com
*.thekingdomofstuffedanimals.com
*.8f417564-bd24-4a0e-a2b0-c79b151b1fea.threedee.art
*.assis.threedee.art
threedee.art
*.threedee.art
*.by.vanguardglassblock.com
*.integration.vanguardglassblock.com
*.preview.vanguardglassblock.com
*.superset.vanguardglassblock.com
*.tech.vanguardglassblock.com
*.test.vanguardglassblock.com
vanguardglassblock.com
*.vanguardglassblock.com
*.ww25.vanguardglassblock.com
*.www.vanguardglassblock.com
Other domains in certificate