SSL Certificate Analysis for testing.kn88.org - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=kn88.org

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

April 23, 2026

Valid Until

July 22, 2026 71 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

B1:47:E7:79:86:99:D8:70:3C:A8:87:42:5B:26:F2:97:3C:B2:D8:5A:34:C5:D9:B0:92:34:49:C7:8C:9F:D3:32

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

kn88.org *.kn88.org *.59a44d60-2126-4ec9-b6b2-d356f9d7ec1f.kn88.org *.5cf9e9eb-e010-4640-b8a6-8c78fe3b2e60.kn88.org *.api.kn88.org *.app.kn88.org *.beta.kn88.org *.co.kn88.org *.dev.kn88.org *.members.kn88.org *.test.kn88.org *.testing.kn88.org

Other domains in certificate

berviral.xyz *.berviral.xyz *.rustore.berviral.xyz *.webdisk.berviral.xyz *.www.berviral.xyz

*.api.cineplaynow.club *.app.cineplaynow.club cineplaynow.club *.cineplaynow.club *.cpanel.cineplaynow.club *.cpcalendars.cineplaynow.club *.cpcontacts.cineplaynow.club *.dev.cineplaynow.club *.mail.cineplaynow.club *.webdisk.cineplaynow.club *.webmail.cineplaynow.club *.whm.cineplaynow.club *.ww1.cineplaynow.club

dripmail.pro *.dripmail.pro

*.api.dubaipropertyshow.co *.app.dubaipropertyshow.co *.dev.dubaipropertyshow.co dubaipropertyshow.co *.dubaipropertyshow.co *.test.dubaipropertyshow.co *.www.dubaipropertyshow.co

*.app.gazzettino.com *.argo.gazzettino.com gazzettino.com *.gazzettino.com *.mail2.gazzettino.com

*.data.guaro.it *.dev.guaro.it guaro.it *.guaro.it *.mx.guaro.it *.remote.guaro.it *.report.guaro.it *.test.guaro.it *.www.guaro.it

*.anyconnect.illaboratorio.com *.billing.illaboratorio.com *.cdn.illaboratorio.com *.cit.illaboratorio.com *.german.illaboratorio.com illaboratorio.com *.illaboratorio.com *.mail.illaboratorio.com *.reg.illaboratorio.com *.secureconnect.illaboratorio.com *.securevpn.illaboratorio.com *.test.illaboratorio.com *.ww25.illaboratorio.com *.ww38.illaboratorio.com

*.df4pl1dtopta.mbwapixj.com mbwapixj.com *.mbwapixj.com

*.analytic.pirlotv.ch *.bi.pirlotv.ch *.data.pirlotv.ch *.insight.pirlotv.ch pirlotv.ch *.pirlotv.ch *.preprod.pirlotv.ch *.ww25.pirlotv.ch

*.devlog.resquared.studio resquared.studio *.resquared.studio *.static.resquared.studio

*.cloud.spagadtry.com *.rd.spagadtry.com *.rds.spagadtry.com *.rdweb.spagadtry.com *.remote.spagadtry.com spagadtry.com *.spagadtry.com