SSL Certificate Analysis for lab.asadtechcafe.com - Security Grade & TLS Configuration

Certificate Information

Subject

CN=53221.top

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 31, 2026

Valid Until

May 01, 2026 83 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

53:83:5D:B3:9C:E9:45:CB:67:FC:4D:F7:E8:8D:69:97:76:DB:3B:C8:F0:9D:11:60:E9:18:5E:AE:A7:CC:29:1D

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

asadtechcafe.com *.asadtechcafe.com

Other domains in certificate

05050.loans *.05050.loans

238615.one *.238615.one

2500ps.com *.2500ps.com

283111.locker *.283111.locker

30627.agency *.30627.agency

33962.top *.33962.top

441201.locker *.441201.locker

49699.loan *.49699.loan

4wurhy.buzz *.4wurhy.buzz

52380.pizza *.52380.pizza

53221.top *.53221.top

53293.one *.53293.one

53404ss.com *.53404ss.com

534343.vip *.534343.vip

535268.vip *.535268.vip

536228.academy *.536228.academy

54589.locker *.54589.locker

559336.net *.559336.net

58516.pizza *.58516.pizza

669510.com *.669510.com

731582.loan *.731582.loan

76393.pictures *.76393.pictures

78075.pictures *.78075.pictures

813965.vip *.813965.vip

82019.locker *.82019.locker

820703.vip *.820703.vip

830228.cc *.830228.cc

86565.locker *.86565.locker

88889.boston *.88889.boston

92925.one *.92925.one

936821.one *.936821.one

99703.net *.99703.net

99732.net *.99732.net

99751.net *.99751.net

99773.net *.99773.net

a179b8.buzz *.a179b8.buzz

aba66.vip *.aba66.vip

affiniatherapeutics.com *.affiniatherapeutics.com

arab-souk.com *.arab-souk.com

azeyn.net *.azeyn.net

bissart.com *.bissart.com

boundlesstraveltrails.live *.boundlesstraveltrails.live

btygx.academy *.btygx.academy

c-spring.cool *.c-spring.cool