SSL Certificate Analysis for manati.net - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=47989.xyz

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 26, 2026

Valid Until

August 24, 2026 75 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

27:1B:B4:1A:15:A5:64:B7:13:41:1B:CE:69:B1:5E:76:D2:96:81:89:31:F4:F1:35:FB:75:D0:92:3D:AD:1C:07

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

manati.net *.manati.net *.dan.manati.net

Other domains in certificate

*.0d87b2b4-2cff-4afd-ac1d-4ded7f63a650.47989.xyz *.1893918.47989.xyz *.4085931.47989.xyz 47989.xyz *.47989.xyz *.9293453.47989.xyz *.9ea7b883-0cfc-4778-91c0-79bc9107eab0.47989.xyz *.adm.47989.xyz *.api.47989.xyz *.ayfpk.47989.xyz *.bbcc1f63-99ce-4d1a-b100-6a412c9f78a0.47989.xyz *.civoh.47989.xyz *.h5.47989.xyz *.jeefdcivoh.47989.xyz *.kwid9.47989.xyz *.nan1j.47989.xyz

aiforallhub.com *.aiforallhub.com *.shop.aiforallhub.com

austincityroleplay.xyz *.austincityroleplay.xyz *.cad.austincityroleplay.xyz *.cdn.austincityroleplay.xyz *.dept.austincityroleplay.xyz *.deptpanel.austincityroleplay.xyz *.duty.austincityroleplay.xyz *.dutylogs.austincityroleplay.xyz *.staffpanel.austincityroleplay.xyz *.ww38.austincityroleplay.xyz

buykineticsmartwatch.com *.buykineticsmartwatch.com *.checkout.buykineticsmartwatch.com *.offer.buykineticsmartwatch.com *.product.buykineticsmartwatch.com *.ww12.buykineticsmartwatch.com *.ww7.buykineticsmartwatch.com

emmastephenslmt.com *.emmastephenslmt.com *.ww38.emmastephenslmt.com

*.crm.gulrannet.net gulrannet.net *.gulrannet.net

*.crm.humourgadgets.com humourgadgets.com *.humourgadgets.com

*.admin.karmi.it karmi.it *.karmi.it *.remote.karmi.it *.staging.karmi.it

*.32.mostlyirrelevant.info mostlyirrelevant.info *.mostlyirrelevant.info

movizland.one *.movizland.one *.ww38.movizland.one

patrolaval.co *.patrolaval.co

*.img.pic1.xyz pic1.xyz *.pic1.xyz *.ww25.pic1.xyz

*.ai.richardsongymnastics.com *.china.richardsongymnastics.com *.cicd.richardsongymnastics.com *.code.richardsongymnastics.com *.img.richardsongymnastics.com *.mobile.richardsongymnastics.com *.random.richardsongymnastics.com richardsongymnastics.com *.richardsongymnastics.com

*.38.s52svgwels.xyz s52svgwels.xyz *.s52svgwels.xyz *.ww11.s52svgwels.xyz *.ww25.s52svgwels.xyz *.ww38.s52svgwels.xyz

*.mail.svberlinerbrauereien.de svberlinerbrauereien.de *.svberlinerbrauereien.de

*.api.swarfai.com swarfai.com *.swarfai.com

*.api.typelikeai.com typelikeai.com *.typelikeai.com