SSL Certificate Analysis for short.monlive.pro - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=iconinternational.com.au

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 18, 2025

Valid Until

March 18, 2026 45 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

59:B5:38:F0:BC:6F:2B:BA:F7:6F:C3:3F:6C:8C:A3:98:71:81:13:01:F8:F4:62:11:FC:86:A1:DD:F9:07:E6:56

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

monlive.pro *.monlive.pro *.ag2r.monlive.pro *.cng.monlive.pro *.nielseniq.monlive.pro *.onehealth.monlive.pro *.stats.monlive.pro *.unis.monlive.pro

Other domains in certificate

*.3520d1.5zm24s.net 5zm24s.net *.5zm24s.net *.nmtd6.5zm24s.net *.sfi.5zm24s.net

*.1l.71c.info 71c.info *.71c.info

almomilk.com.au *.almomilk.com.au *.papelero.almomilk.com.au *.send.almomilk.com.au

apf-apj-opb.com *.apf-apj-opb.com *.backend.apf-apj-opb.com *.demo.apf-apj-opb.com *.smtp.apf-apj-opb.com *.staging.apf-apj-opb.com *.ww25.apf-apj-opb.com

apple-solution.com *.apple-solution.com *.paypaai.apple-solution.com *.verify.apple-solution.com

*.dev.iconinternational.com.au iconinternational.com.au *.iconinternational.com.au

munchi.blog *.munchi.blog

naziaz.com *.naziaz.com *.www.naziaz.com

nextgnwms.com *.nextgnwms.com

*.angioclam.projetos.io *.decolex.projetos.io *.lp.projetos.io projetos.io *.projetos.io *.yanmaq.projetos.io *.yanmaq3.projetos.io *.zenite.projetos.io

quickresponseneeded.com *.quickresponseneeded.com

*.einfachzahlen.sandander.de *.extern.sandander.de *.identity.sandander.de *.mail.sandander.de *.mailx.sandander.de *.mein.sandander.de *.meine.sandander.de *.notexistsmailx.sandander.de sandander.de *.sandander.de *.vpn.sandander.de *.w.sandander.de *.webmail.sandander.de *.wildcard.sandander.de *.ww.sandander.de *.www.sandander.de *.wwww.sandander.de

*.beta.spendcoin.org spendcoin.org *.spendcoin.org

taiki.in *.taiki.in

*.jenkins.teacherspayteacher.com *.preprod.teacherspayteacher.com *.random.teacherspayteacher.com teacherspayteacher.com *.teacherspayteacher.com *.www.teacherspayteacher.com

*.hostmaster.tesol.com.au tesol.com.au *.tesol.com.au *.ww38.tesol.com.au

*.ns1.tohpati-music.com *.random.tohpati-music.com tohpati-music.com *.tohpati-music.com

*.ww16.yc6w69.com yc6w69.com *.yc6w69.com