DNS Gurus
Cached · just now
76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1
Let's Encrypt logo Let's Encrypt

Certificate Information

Subject
CN=kynukiemdinh.xyz
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
March 18, 2026
Valid Until
June 16, 2026 38 days
Public Key
RSA 4096 bit Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
3F:97:1F:9D:B8:23:63:85:37:A2:A5:3D:A6:AE:B4:03:A6:D2:FC:57:71:ED:38:CE:23:4B:67:83:0B:C6:8A:9F
Alternative Names
90 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured Analyze
Content-Security-Policy-Report-Only
Missing
Not configured Analyze
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains
jexamples.com *.jexamples.com *.ww16.jexamples.com *.ww38.jexamples.com

Other domains in certificate

68k.it *.68k.it *.admin.68k.it *.api.68k.it *.app.68k.it *.dev.68k.it *.random.68k.it *.remote.68k.it
aqarac.com *.aqarac.com *.qa.aqarac.com *.uae.aqarac.com
*.intranet.kynukiemdinh.xyz kynukiemdinh.xyz *.kynukiemdinh.xyz
*.binzhou.lecarobio.com *.egg.lecarobio.com lecarobio.com *.lecarobio.com *.little.lecarobio.com *.seasons.lecarobio.com *.sore.lecarobio.com
*.7919b650-36a2-4318-b20f-a23fa8722853.letterpost.app *.admin.letterpost.app *.api.letterpost.app *.app.letterpost.app *.assets.letterpost.app *.blog.letterpost.app *.demo.letterpost.app *.dev.letterpost.app *.en.letterpost.app *.hostmaster.letterpost.app letterpost.app *.letterpost.app *.news.letterpost.app *.press.letterpost.app *.test.letterpost.app *.wchpetest.letterpost.app *.www.letterpost.app
*.21cc0ca3-0231-451f-9d7f-3e4dae0a2166.photbox.fr *.compte.photbox.fr *.darty.photbox.fr *.external.photbox.fr *.glpi.photbox.fr *.intranet.photbox.fr photbox.fr *.photbox.fr *.portal.photbox.fr *.share.photbox.fr *.sharepoint.photbox.fr *.support.photbox.fr
*.hostmaster.remaxpinnacle.ca remaxpinnacle.ca *.remaxpinnacle.ca *.vpn.remaxpinnacle.ca *.www.remaxpinnacle.ca
*.admin.ricomind.my *.api.ricomind.my *.app.ricomind.my *.atwtoadmin.ricomind.my *.c9e2fd11-4bfe-4051-8914-866e9a1f1a3d.ricomind.my *.demo.ricomind.my *.hostmaster.ricomind.my ricomind.my *.ricomind.my *.test.ricomind.my
*.demo.rocktix.com *.eynram.rocktix.com *.m.rocktix.com rocktix.com *.rocktix.com
sorrelmarket.com *.sorrelmarket.com *.ww38.sorrelmarket.com
*.api.trybroski.com *.app.trybroski.com *.demo.trybroski.com *.dev.trybroski.com *.qa.trybroski.com trybroski.com *.trybroski.com
*.admin.weidance.com *.email.weidance.com weidance.com *.weidance.com *.www6.weidance.com