SSL Certificate Analysis for lab.phildax.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=ly-be.click

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

April 15, 2026

Valid Until

July 14, 2026 54 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

47:DE:54:E2:2D:14:73:C8:D9:FE:E3:20:FB:77:82:A8:89:D2:78:C7:C4:C3:DC:09:8F:9E:59:3F:08:96:26:8D

Alternative Names

87 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

87 domains

phildax.com *.phildax.com *.api-check.phildax.com *.assets.phildax.com *.autodiscover.phildax.com *.backend-api.phildax.com *.bigquery.phildax.com *.blog.phildax.com *.blogs.phildax.com *.cart-stage.phildax.com *.cdn-dev.phildax.com *.checkout.phildax.com *.demo.phildax.com *.email.phildax.com *.healthcheck.phildax.com *.images.phildax.com *.lab.phildax.com *.notexistshostmaster.phildax.com *.rds.phildax.com *.sql1.phildax.com *.stage.phildax.com *.steuma.phildax.com *.store.phildax.com *.uploads.phildax.com

Other domains in certificate

bellatrixtv.xyz *.bellatrixtv.xyz *.random.bellatrixtv.xyz

*.anthony-sound.btvplus.com btvplus.com *.btvplus.com *.ns1.btvplus.com *.ns3.btvplus.com

cbbufferdx.me *.cbbufferdx.me

clen.life *.clen.life

firmazgodnazrodo.pl *.firmazgodnazrodo.pl *.mail.firmazgodnazrodo.pl *.phxmbyceq.firmazgodnazrodo.pl *.pq4ldp5zi.firmazgodnazrodo.pl *.ww16.firmazgodnazrodo.pl

*.bolcske.fp7-advantage.eu fp7-advantage.eu *.fp7-advantage.eu *.pecs.fp7-advantage.eu *.tornaszentandras.fp7-advantage.eu

girlcentre.com *.girlcentre.com *.video.girlcentre.com

jerseyvillechiroandrehab.net *.jerseyvillechiroandrehab.net

labogolfsud.com *.labogolfsud.com

ly-be.click *.ly-be.click

maryam.life *.maryam.life

mgmarket6.cc *.mgmarket6.cc

ottiinsurance.com *.ottiinsurance.com

*.harga-genteng-morando-glazur.oxyver.space oxyver.space *.oxyver.space *.race-3-belmont-park.oxyver.space *.ww38.oxyver.space

panicgone.co.uk *.panicgone.co.uk

*.random.relishcoincidencehandbag.com relishcoincidencehandbag.com *.relishcoincidencehandbag.com

rru9.icu *.rru9.icu *.ww25.rru9.icu

rtpslotgacor678.pro *.rtpslotgacor678.pro

*.auth.soulmate.bio *.instance.soulmate.bio *.ml.soulmate.bio soulmate.bio *.soulmate.bio

theworldvisaservice.com *.theworldvisaservice.com

wealthfront.pro *.wealthfront.pro *.ww25.wealthfront.pro