SSL Certificate Analysis for sinx.live - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=sinx.live

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

February 01, 2026

Valid Until

May 02, 2026 84 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

DB:36:C1:59:95:62:CE:C2:73:01:EE:61:E6:2D:E6:05:80:34:C0:8A:9F:02:9F:BB:FD:8D:59:1A:EE:50:43:78

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

sinx.live *.sinx.live *.ww25.sinx.live

Other domains in certificate

apostagreen.bet *.apostagreen.bet *.ftp.apostagreen.bet

bestcabinetry.xyz *.bestcabinetry.xyz *.sitemap.bestcabinetry.xyz *.ww25.bestcabinetry.xyz

*.backup.carnesana.com *.blog.carnesana.com carnesana.com *.carnesana.com *.forum.carnesana.com *.hostmaster.carnesana.com *.ww11.carnesana.com *.www.carnesana.com

check-you.me *.check-you.me *.five.check-you.me *.four.check-you.me *.one.check-you.me *.three.check-you.me *.ww25.check-you.me *.ww38.check-you.me

dcstorect.online *.dcstorect.online *.ww25.dcstorect.online

*.cpcontacts.iskcondb.com iskcondb.com *.iskcondb.com

*.dev.mothballing.com *.mail.mothballing.com mothballing.com *.mothballing.com

njdivisionoftaxation.com *.njdivisionoftaxation.com *.ww25.njdivisionoftaxation.com *.ww38.njdivisionoftaxation.com

songisongi.me *.songisongi.me *.ww25.songisongi.me

*.internet.suugardaddy.com suugardaddy.com *.suugardaddy.com

teamsurfing.club *.teamsurfing.club *.ww3.teamsurfing.club

*.admin.teleriumtv.me *.api.teleriumtv.me *.assets.teleriumtv.me *.cpanel.teleriumtv.me *.cpcalendars.teleriumtv.me *.cpcontacts.teleriumtv.me *.demo.teleriumtv.me *.dev.teleriumtv.me *.m.teleriumtv.me *.mail.teleriumtv.me teleriumtv.me *.teleriumtv.me *.test.teleriumtv.me *.webdisk.teleriumtv.me *.webmail.teleriumtv.me *.wildcard.teleriumtv.me *.ww1.teleriumtv.me *.ww2.teleriumtv.me *.ww25.teleriumtv.me *.ww4.teleriumtv.me *.ww5.teleriumtv.me

*.enews.uniteds.com *.hotels.uniteds.com *.jetstream.uniteds.com uniteds.com *.uniteds.com

*.backend.vintagevelo-leipzig.com vintagevelo-leipzig.com *.vintagevelo-leipzig.com *.ww25.vintagevelo-leipzig.com

votosshop.com *.votosshop.com *.ww25.votosshop.com

wikigams.online *.wikigams.online *.ww25.wikigams.online *.ww38.wikigams.online

*.ww25.yess.live yess.live *.yess.live