SSL Certificate Analysis for mx3.bellic.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=foxnewstoday.co

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 04, 2026

Valid Until

May 05, 2026 82 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

3E:B9:EA:36:22:59:0D:13:D0:CC:D7:BA:9E:64:9B:EE:EA:90:7E:07:A1:1D:54:43:8A:8C:A6:BF:61:59:16:8A

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

bellic.com *.bellic.com *.api.bellic.com *.assets.bellic.com *.dashboard.bellic.com *.web.bellic.com *.ww1.bellic.com

Other domains in certificate

coachingscolairetogo.org *.coachingscolairetogo.org *.mail.coachingscolairetogo.org *.webmail.coachingscolairetogo.org

countryday.it *.countryday.it *.imap.countryday.it

*.cpanel.foxnewstoday.co foxnewstoday.co *.foxnewstoday.co *.hostmaster.foxnewstoday.co *.mail.foxnewstoday.co *.random.foxnewstoday.co *.www.foxnewstoday.co

freevpn-android.mobi *.freevpn-android.mobi *.lsbnkcpcalendars.freevpn-android.mobi

fun88-fun88.icu *.fun88-fun88.icu *.p.fun88-fun88.icu

isofa.store *.isofa.store *.mail.isofa.store *.ww25.isofa.store *.ww38.isofa.store

*.haunixikii.kak.au kak.au *.kak.au *.kanxan.kak.au *.mepokea.kak.au *.na.kak.au *.ww25.kak.au *.xio.kak.au

miraculous.it *.miraculous.it *.remote.miraculous.it

*.demo.shopsite.it shopsite.it *.shopsite.it

*.sharepoint.slotjogovvm.com slotjogovvm.com *.slotjogovvm.com

*.insight.ssf.at ssf.at *.ssf.at

*.secure.titlemore.com titlemore.com *.titlemore.com

xn--e1afgzbg1e.com *.xn--e1afgzbg1e.com

xn--h6q988n.com *.xn--h6q988n.com

xn--mgb1dis.life *.xn--mgb1dis.life

xn--oorv7pis6aba.com *.xn--oorv7pis6aba.com

xn--spuv6x.com *.xn--spuv6x.com

ybdii6x.cyou *.ybdii6x.cyou

yeshiwaseyasu.com *.yeshiwaseyasu.com

yfc71.top *.yfc71.top

yozgkf.academy *.yozgkf.academy

yqxtooel.com *.yqxtooel.com

yyy729.top *.yyy729.top

zenmuse.info *.zenmuse.info

zfr.it *.zfr.it

zgt57orangefnode6.top *.zgt57orangefnode6.top

zimhfghor.com *.zimhfghor.com

zudyf.cam *.zudyf.cam

zwares.com *.zwares.com