SSL Certificate Analysis for remote.1stprotocol.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=nftmix3s.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 11, 2026

Valid Until

May 12, 2026 89 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

09:DB:06:F4:AD:E0:04:52:95:50:D8:30:1C:29:6B:5E:70:63:26:C6:51:7E:B4:BC:5F:35:DE:BA:08:AB:0F:DF

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

1stprotocol.com *.1stprotocol.com *.remote.1stprotocol.com *.www.1stprotocol.com

Other domains in certificate

1580-gg123.cfd *.1580-gg123.cfd *.75185.1580-gg123.cfd

*.atrzsuxpw.byonix.pl *.binpdsryo.byonix.pl byonix.pl *.byonix.pl *.dweafkmng.byonix.pl *.ncjfmxhsb.byonix.pl *.qjxldvdx.byonix.pl *.random.byonix.pl *.smniegrwk.byonix.pl *.xvezlsdbo.byonix.pl

*.app.destroyer.it destroyer.it *.destroyer.it

dewi138rush.vip *.dewi138rush.vip *.portal.dewi138rush.vip

*.autoconfig.hackerslotindo.com *.cpanel.hackerslotindo.com *.cpcalendars.hackerslotindo.com hackerslotindo.com *.hackerslotindo.com *.webdisk.hackerslotindo.com *.www.hackerslotindo.com

*.dev.humanizednet.com *.hostmaster.humanizednet.com humanizednet.com *.humanizednet.com *.portal.humanizednet.com *.staging.humanizednet.com *.store.humanizednet.com

jnrc.xyz *.jnrc.xyz

*.38.kildonan.com *.comune.kildonan.com kildonan.com *.kildonan.com *.rustore.kildonan.com *.vpn3.kildonan.com

*.autodiscover.liweng.com liweng.com *.liweng.com *.loja.liweng.com *.mail.liweng.com *.sitemap.liweng.com *.sitemaps.liweng.com *.teste.liweng.com *.ww1.liweng.com *.ww38.liweng.com

*.enercity.mobility.cc mobility.cc *.mobility.cc *.ww25.mobility.cc

monguelfo.com *.monguelfo.com *.remote.monguelfo.com

*.acc-shinobi.nanhko.net *.hocvienninja.nanhko.net nanhko.net *.nanhko.net *.picaht.nanhko.net *.shinobi.nanhko.net *.thanthudaichien.nanhko.net

nerdballar.co *.nerdballar.co

*.app.nftmix3s.com nftmix3s.com *.nftmix3s.com

*.mail.pasaragaroniiotealide.shop pasaragaroniiotealide.shop *.pasaragaroniiotealide.shop

*.app.safar-bank.com safar-bank.com *.safar-bank.com

*.dashboard.theholiday.it theholiday.it *.theholiday.it

*.shop.xn--pokr-dpa.casino xn--pokr-dpa.casino *.xn--pokr-dpa.casino

*.one.ymele.com ymele.com *.ymele.com