SSL Certificate Analysis for mp3.li - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=priaqq4.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 18, 2025

Valid Until

March 18, 2026 34 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

C9:89:EE:62:27:09:B5:44:40:49:92:66:37:C7:D0:8B:9D:3E:84:3D:37:CA:F3:8F:C9:2C:60:5C:35:CA:07:DA

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

mp3.li *.mp3.li *.m.mp3.li *.pr3.mp3.li

Other domains in certificate

balinbarelax.com *.balinbarelax.com *.random.balinbarelax.com

*.app.boxguide.xyz *.autodiscover.boxguide.xyz boxguide.xyz *.boxguide.xyz *.cloud.boxguide.xyz *.cpanel.boxguide.xyz *.cpcalendars.boxguide.xyz *.cpcontacts.boxguide.xyz *.d.boxguide.xyz *.dsp.boxguide.xyz *.ftp.boxguide.xyz *.gslb.boxguide.xyz *.mail.boxguide.xyz *.webdisk.boxguide.xyz *.webmail.boxguide.xyz *.whm.boxguide.xyz *.ww25.boxguide.xyz *.ww38.boxguide.xyz *.www.boxguide.xyz

*.bank.citib.com citib.com *.citib.com *.fig.citib.com *.kxy.citib.com *.online.citib.com *.ww17.citib.com *.ww25.citib.com *.ww38.citib.com

pgl.com.pl *.pgl.com.pl

earn-fire.com *.earn-fire.com *.whm.earn-fire.com

erlebnisschwimmbad.de *.erlebnisschwimmbad.de

*.blog.liuidation.com liuidation.com *.liuidation.com *.random.liuidation.com *.ww16.liuidation.com

michigan.bio *.michigan.bio *.sitemaps.michigan.bio *.ww7.michigan.bio *.www.michigan.bio

panot.pro *.panot.pro

priaqq4.com *.priaqq4.com

*.mobileconnect.qq-998gacor.com qq-998gacor.com *.qq-998gacor.com *.remote.qq-998gacor.com *.sslvpn.qq-998gacor.com

scanncutcanvas.com *.scanncutcanvas.com *.ww16.scanncutcanvas.com *.ww25.scanncutcanvas.com

*.jenkins.thewd.com thewd.com *.thewd.com

*.api.walk-in-bathtub-costs-cz.click *.bot.walk-in-bathtub-costs-cz.click *.cicd.walk-in-bathtub-costs-cz.click *.dev.walk-in-bathtub-costs-cz.click *.mail.walk-in-bathtub-costs-cz.click *.pipeline.walk-in-bathtub-costs-cz.click walk-in-bathtub-costs-cz.click *.walk-in-bathtub-costs-cz.click *.www.walk-in-bathtub-costs-cz.click

*.autoconfig.walker.bet *.devamb.walker.bet *.ftp.walker.bet walker.bet *.walker.bet

*.25.xxzhs.info *.ww25.xxzhs.info *.ww38.xxzhs.info *.www.xxzhs.info xxzhs.info *.xxzhs.info

yiqu2021.com *.yiqu2021.com