SSL Certificate Analysis for localhost.fibrootsbags.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=explore-beyond.click

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 06, 2026

Valid Until

May 07, 2026 86 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

17:A0:92:99:55:46:22:42:F6:55:6D:89:94:61:17:3E:02:4D:15:D9:8F:5B:A8:77:85:92:47:69:0E:67:6F:8B

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

fibrootsbags.com *.fibrootsbags.com

Other domains in certificate

explore-beyond.click *.explore-beyond.click

eym.cc *.eym.cc

ezuwail.com *.ezuwail.com

feelingsonline.com *.feelingsonline.com

fexbfebui.com *.fexbfebui.com

fightclubfitness.com *.fightclubfitness.com

fightingpollution.com *.fightingpollution.com

filehop.com *.filehop.com

filme-online.website *.filme-online.website

filmytrend.com *.filmytrend.com

financialgoals.it *.financialgoals.it

findairconditionerwork-insp.click *.findairconditionerwork-insp.click

findingusapaymentsservicehq.com *.findingusapaymentsservicehq.com

fisioterapiabalance.es *.fisioterapiabalance.es

fit.house *.fit.house

fit2function.com *.fit2function.com

fitflop-shoes.us *.fitflop-shoes.us

fixuae.xyz *.fixuae.xyz

fizzzhost.xyz *.fizzzhost.xyz

fkuwr.bid *.fkuwr.bid

fluiduiuxlabs.com *.fluiduiuxlabs.com

fodui.com *.fodui.com

fouleesdesneiges.be *.fouleesdesneiges.be

fqpam.net *.fqpam.net

gachaagen138.com *.gachaagen138.com

gb-hca-courses.click *.gb-hca-courses.click

getleadfieldai.com *.getleadfieldai.com

getthenextgensalesleaderscrew.com *.getthenextgensalesleaderscrew.com

gfm13c3m.top *.gfm13c3m.top

ghdgf.services *.ghdgf.services

giftcardsprepaid.com *.giftcardsprepaid.com

gigatea.es *.gigatea.es

gkpheltxh.cc *.gkpheltxh.cc

glenhuntley.com *.glenhuntley.com

gloshare.link *.gloshare.link

gmyxnkc272.vip *.gmyxnkc272.vip

goldenbyumppu.fi *.goldenbyumppu.fi

gologger.com *.gologger.com

gomydonutnews.com *.gomydonutnews.com

gossipchatblend.live *.gossipchatblend.live

gossiprushnetwork.live *.gossiprushnetwork.live

gourmetmaple.com *.gourmetmaple.com

gov6.gay *.gov6.gay

gpts.my *.gpts.my