SSL Certificate Analysis for sili.live - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=blackstoneus.club

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 30, 2025

Valid Until

March 30, 2026 51 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

54:08:EA:89:09:73:F0:D2:15:74:AB:94:44:0F:85:F0:7C:63:29:0A:EA:E5:38:34:AF:6E:C0:90:BC:9B:09:6C

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

sili.live *.sili.live

Other domains in certificate

77royalmax.info *.77royalmax.info *.api.77royalmax.info *.app.77royalmax.info *.backend.77royalmax.info *.bgptools-wildcard-confirmed.77royalmax.info *.m.77royalmax.info *.sitemap.77royalmax.info *.sitemaps.77royalmax.info *.staging-jenkins.77royalmax.info *.staging.77royalmax.info *.uat.77royalmax.info *.ww25.77royalmax.info *.ww38.77royalmax.info *.www.77royalmax.info *.www1.77royalmax.info

alien9fei66.vip *.alien9fei66.vip

art-craft-tutorials.com *.art-craft-tutorials.com

*.126.aspalsta.net *.332758.aspalsta.net *.467187.aspalsta.net *.68154.aspalsta.net *.789.aspalsta.net *.796642.aspalsta.net *.88398437.aspalsta.net *.9197637.aspalsta.net *.99.aspalsta.net aspalsta.net *.aspalsta.net *.s.aspalsta.net *.ww38.aspalsta.net

barkbox.cm *.barkbox.cm

blackstoneus.club *.blackstoneus.club *.ww38.blackstoneus.club

mebleorientalne.com.pl *.mebleorientalne.com.pl

consumed.live *.consumed.live

crystalglasses.com.au *.crystalglasses.com.au *.test.crystalglasses.com.au *.workflow.crystalglasses.com.au

dealzone.live *.dealzone.live

drhemp.com.au *.drhemp.com.au *.integration.drhemp.com.au

gbototo.site *.gbototo.site *.sitemap.gbototo.site *.sitemaps.gbototo.site *.staging.gbototo.site *.store.gbototo.site *.vpn.gbototo.site *.www.gbototo.site

*.beta.goodsend.com *.dev.goodsend.com goodsend.com *.goodsend.com *.hostmaster.goodsend.com *.m.goodsend.com *.remote.goodsend.com *.ww16.goodsend.com *.ww17.goodsend.com *.ww25.goodsend.com *.ww38.goodsend.com *.www.goodsend.com

gsrk.shop *.gsrk.shop

guillemet.com *.guillemet.com *.manager.guillemet.com *.mx.guillemet.com *.www.guillemet.com

mygreatlajes.org *.mygreatlajes.org

petersfield-appliance-repairs.co.uk *.petersfield-appliance-repairs.co.uk

tgu-tommyguns.com *.tgu-tommyguns.com

*.bi.thoptvofficial.site *.hostmaster.thoptvofficial.site thoptvofficial.site *.thoptvofficial.site