SSL Certificate Analysis for lilypasted.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=lilypasted.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 09, 2026

Valid Until

August 07, 2026 87 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

ED:ED:E4:F0:E5:3E:61:C3:A1:3A:84:EF:00:8C:98:F5:D3:7B:5A:C4:7D:75:73:2D:5A:43:07:45:34:D9:B5:34

Alternative Names

50 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

50 domains

lilypasted.com *.lilypasted.com *.ww25.lilypasted.com

Other domains in certificate

1971bet.vip *.1971bet.vip

brownsapartments.com.au *.brownsapartments.com.au *.data.brownsapartments.com.au *.ww38.brownsapartments.com.au

filma24.bz *.filma24.bz *.wildcard.filma24.bz *.ww12.filma24.bz *.ww25.filma24.bz *.ww7.filma24.bz *.www.filma24.bz

gandosh.online *.gandosh.online *.iwak.gandosh.online *.j1zy8qt7voonnt7a.gandosh.online *.top.gandosh.online *.us.gandosh.online *.uwik.gandosh.online

h100.pro *.h100.pro

hoshianime.pl *.hoshianime.pl *.ww25.hoshianime.pl

jinglemarket.club *.jinglemarket.club *.ww38.jinglemarket.club

oceantrenchoffshore.com *.oceantrenchoffshore.com

ourkingdom.net *.ourkingdom.net

panicpayment.com *.panicpayment.com *.random.panicpayment.com *.ww38.panicpayment.com

reggaetonsamples.com *.reggaetonsamples.com *.smtp01.reggaetonsamples.com

saxy.pro *.saxy.pro

siwa77.shop *.siwa77.shop

smartstickers.shop *.smartstickers.shop

surter.shop *.surter.shop