SSL Certificate Analysis for mx.bilu.it - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=apebook.org

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

March 13, 2026

Valid Until

June 11, 2026 36 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

3B:BA:77:2A:F8:97:8A:58:49:48:A3:64:34:27:03:28:15:5A:3B:FA:AE:8A:FF:C6:2C:28:E6:8C:AD:0F:8C:66

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

bilu.it *.bilu.it *.api.bilu.it *.app.bilu.it *.beta.bilu.it *.checkout.bilu.it *.insight.bilu.it *.remote.bilu.it *.reporting.bilu.it *.superset.bilu.it

Other domains in certificate

apebook.org *.apebook.org

centrymgt.com *.centrymgt.com *.dns.centrymgt.com *.hostmaster.centrymgt.com *.mx7.centrymgt.com *.ww38.centrymgt.com

ejvp.com *.ejvp.com *.hotfix.ejvp.com *.mx1.ejvp.com *.sj.ejvp.com

evricx.info *.evricx.info

gravitatecode.com *.gravitatecode.com *.ww25.gravitatecode.com

*.airmaxx.istyxx.com *.comwww.istyxx.com *.egsol.istyxx.com *.hotspot.istyxx.com *.hotspotc.istyxx.com istyxx.com *.istyxx.com *.mail.istyxx.com *.mcs.istyxx.com *.mediax.istyxx.com *.quarks.istyxx.com *.recc.istyxx.com *.redlion.istyxx.com *.skin.istyxx.com *.ww25.istyxx.com

kayra.live *.kayra.live *.ww25.kayra.live

kongmv16.com *.kongmv16.com *.sitemap.kongmv16.com *.ww25.kongmv16.com *.www.kongmv16.com

kpopidol.net *.kpopidol.net *.random.kpopidol.net *.ww25.kpopidol.net *.ww7.kpopidol.net *.www.kpopidol.net

latexhure.de *.latexhure.de *.ww38.latexhure.de

*.99.mycloud4.online *.mwww.mycloud4.online mycloud4.online *.mycloud4.online *.sitemap.mycloud4.online *.vpn.mycloud4.online

pcanywhere.online *.pcanywhere.online *.ww38.pcanywhere.online

petermeadit.net *.petermeadit.net *.ww38.petermeadit.net

poweredclassic.com *.poweredclassic.com *.ww25.poweredclassic.com

reen-anlagenbau.de *.reen-anlagenbau.de *.ww25.reen-anlagenbau.de

shoptriplet.store *.shoptriplet.store *.ww25.shoptriplet.store

skins.life *.skins.life *.ww25.skins.life

voebalzone.nl *.voebalzone.nl *.ww17.voebalzone.nl *.ww25.voebalzone.nl *.ww38.voebalzone.nl