SSL Certificate Analysis for therigtnt.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=therigtnt.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

January 03, 2026

Valid Until

April 03, 2026 51 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

BB:95:DE:47:C4:AD:CC:55:86:EA:EB:7C:01:4A:16:91:7C:42:5C:82:A7:CD:C1:29:EF:2E:EE:1D:27:FF:C8:F2

Alternative Names

84 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

84 domains

therigtnt.com *.therigtnt.com *.dev.therigtnt.com *.ww7.therigtnt.com

Other domains in certificate

78anz.top *.78anz.top

araceforunity.org *.araceforunity.org *.pay.araceforunity.org

aylesburyescaperooms.co.uk *.aylesburyescaperooms.co.uk

cwapp.store *.cwapp.store *.ww25.cwapp.store

*.blog.hgf411dsa.club hgf411dsa.club *.hgf411dsa.club

*.alexander-jackson-hundred.jamk.com jamk.com *.jamk.com *.labranet.jamk.com *.random.jamk.com *.student.jamk.com

jili789.bet *.jili789.bet *.random.jili789.bet

*.demo.lvn.uk *.hostmaster.lvn.uk lvn.uk *.lvn.uk *.old.lvn.uk *.shop.lvn.uk *.staging.lvn.uk

marokkaanseporno.com *.marokkaanseporno.com *.ww9.marokkaanseporno.com

ninocaminhoesmt.com *.ninocaminhoesmt.com

*.interviewportal.odfjeldrilling.com odfjeldrilling.com *.odfjeldrilling.com

retro-game.store *.retro-game.store *.sitemaps.retro-game.store

*.hostmaster.st-francis-lutheran.org st-francis-lutheran.org *.st-francis-lutheran.org *.www.st-francis-lutheran.org

*.admin.vokrugsveta.de *.app.vokrugsveta.de *.client.vokrugsveta.de *.customer.vokrugsveta.de *.demo.vokrugsveta.de *.monitoring.vokrugsveta.de *.portal.vokrugsveta.de vokrugsveta.de *.vokrugsveta.de *.www.vokrugsveta.de

*.autodiscover.votrefilms.xyz *.czjhl4dic52tv3bl.votrefilms.xyz *.email.votrefilms.xyz *.exchange.votrefilms.xyz *.insight.votrefilms.xyz *.m.votrefilms.xyz *.mail1.votrefilms.xyz *.mail2.votrefilms.xyz *.mx.votrefilms.xyz *.mx0.votrefilms.xyz *.mx01.votrefilms.xyz *.mx1.votrefilms.xyz *.mx2.votrefilms.xyz *.owa.votrefilms.xyz *.poc.votrefilms.xyz *.remote.votrefilms.xyz *.sitemaps.votrefilms.xyz *.smtp.votrefilms.xyz votrefilms.xyz *.votrefilms.xyz *.webmail.votrefilms.xyz

*.bebas.wizardsubs.com *.lifehouse.wizardsubs.com wizardsubs.com *.wizardsubs.com *.ww12.wizardsubs.com