SSL Certificate Analysis for skail.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=newkala.pro

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

February 04, 2026

Valid Until

May 05, 2026 85 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

21:9F:25:E7:DF:3D:C0:16:F8:15:61:10:7D:9A:AD:1B:1E:59:8B:DC:CE:9E:DA:33:43:5B:09:15:A4:BA:59:4E

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

skail.com *.skail.com *.access.skail.com *.apps.skail.com *.cloud.skail.com *.remote.skail.com *.webmail.skail.com

Other domains in certificate

19douyin.org *.19douyin.org *.ccwww.19douyin.org

bmb.us *.bmb.us *.com-ayu.bmb.us

cheapesttechbuy.in *.cheapesttechbuy.in *.webmail.cheapesttechbuy.in

ergonomico.com *.ergonomico.com *.ww16.ergonomico.com

fnts.cc *.fnts.cc *.kerry.fnts.cc *.wildcard.fnts.cc *.ww25.fnts.cc

*.31a1d1eb-cc09-4739-848f-08bf2f5dcab4.kpoptours.asia *.f06267ee-c444-4e97-9974-a4c46d9a5ef5.kpoptours.asia kpoptours.asia *.kpoptours.asia *.webmail.kpoptours.asia

mathkids.com *.mathkids.com *.random.mathkids.com

*.dev.munksgaard.com munksgaard.com *.munksgaard.com

*.demos.newkala.pro *.mail.newkala.pro newkala.pro *.newkala.pro *.www.newkala.pro

nnewegg.com *.nnewegg.com *.random.nnewegg.com *.ww16.nnewegg.com *.ww25.nnewegg.com *.ww38.nnewegg.com

*.admin.prestigebuysell.store *.autoconfig.prestigebuysell.store *.autodiscover.prestigebuysell.store *.mail.prestigebuysell.store prestigebuysell.store *.prestigebuysell.store *.webmail.prestigebuysell.store

rizona.net *.rizona.net

schroedersettlment.com *.schroedersettlment.com

*.hostmaster.skiguy.com skiguy.com *.skiguy.com *.webmail.skiguy.com *.ww25.skiguy.com

*.blog.sushilweb.com *.forum.sushilweb.com *.host.sushilweb.com sushilweb.com *.sushilweb.com

*.app.topuptstvafrica.com *.b2.topuptstvafrica.com *.b3.topuptstvafrica.com *.b4.topuptstvafrica.com *.host.topuptstvafrica.com *.mail.topuptstvafrica.com *.sms.topuptstvafrica.com topuptstvafrica.com *.topuptstvafrica.com *.video.topuptstvafrica.com

*.connect.urkut.com *.customers.urkut.com *.rds1.urkut.com *.sslvpn3.urkut.com urkut.com *.urkut.com

vapoureyes.au *.vapoureyes.au *.ww38.vapoureyes.au

*.store.wifeusa.com wifeusa.com *.wifeusa.com