SSL Certificate Analysis for mykbs.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=mgqq.sbs

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 04, 2026

Valid Until

May 05, 2026 85 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

AE:A3:37:F5:46:02:51:EB:2B:4E:0C:89:7C:1D:8A:D6:94:6E:8A:05:5D:16:31:2A:38:64:20:F3:37:DD:DB:51

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

mykbs.com *.mykbs.com

Other domains in certificate

mgqq.sbs *.mgqq.sbs

migueldelao.com *.migueldelao.com

mitolynbuydirect.com *.mitolynbuydirect.com

mixers.it *.mixers.it

mobiblogs.org *.mobiblogs.org

mostbet-c80h.xyz *.mostbet-c80h.xyz

mostbet-r6dw.xyz *.mostbet-r6dw.xyz

mrliga44.org *.mrliga44.org

musetix.com *.musetix.com

musicflowtop.com *.musicflowtop.com

mxavsp253.com *.mxavsp253.com

mxavsp261.com *.mxavsp261.com

mxavsp276.com *.mxavsp276.com

my85qtpz.top *.my85qtpz.top

mycelialegal.click *.mycelialegal.click

myecommerce.it *.myecommerce.it

myfoampartyallstars.com *.myfoampartyallstars.com

nadextrade.co *.nadextrade.co

naoc2012.org *.naoc2012.org

napgloballtd.com *.napgloballtd.com

nationalsecurity.it *.nationalsecurity.it

nbet79.biz *.nbet79.biz

nelz.com *.nelz.com

nobilta.it *.nobilta.it

noctis-ai.us *.noctis-ai.us

nohulamgiau.com *.nohulamgiau.com

nokumoitweb.com *.nokumoitweb.com

nordholland.com *.nordholland.com

northdakotasportslive.com *.northdakotasportslive.com

novantasei.it *.novantasei.it

ocnpw.cc *.ocnpw.cc

ocog472.top *.ocog472.top

odeonextras.com *.odeonextras.com

odysredirect.com *.odysredirect.com

ofcounsel.it *.ofcounsel.it

official-markets.cfd *.official-markets.cfd

onlineverbraucherschutz.info *.onlineverbraucherschutz.info

onshoes.it *.onshoes.it

orderfood.it *.orderfood.it

orderhemaskitchen.com *.orderhemaskitchen.com

ottengo.it *.ottengo.it

owed.it *.owed.it

packaging-machine-id-23.click *.packaging-machine-id-23.click

paellaplace.com *.paellaplace.com