SSL Certificate Analysis for up.karandashheaven.site - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=anicrush.io

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 03, 2025

Valid Until

March 03, 2026 86 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

69:DB:3A:10:0B:DF:E2:1A:D9:0D:EE:95:84:36:C4:B2:5D:A0:29:EF:F5:51:E9:07:C9:E3:F7:E9:1D:93:47:87

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

karandashheaven.site *.karandashheaven.site *.link.karandashheaven.site *.sign-up.karandashheaven.site *.sitemap.karandashheaven.site *.up.karandashheaven.site

Other domains in certificate

1877det.com *.1877det.com

anclamarswreceptionhall.com *.anclamarswreceptionhall.com *.hostmaster.anclamarswreceptionhall.com *.ww17.anclamarswreceptionhall.com

anicrush.io *.anicrush.io *.sitemap.anicrush.io *.sitemaps.anicrush.io *.wildcard.anicrush.io

banane.studio *.banane.studio

bestgirlsexy.net *.bestgirlsexy.net

bestxxxindian.com *.bestxxxindian.com

bra951.com *.bra951.com

chatplugin.top *.chatplugin.top *.ww25.chatplugin.top

contractlaws.au *.contractlaws.au

*.cpcontacts.demircioglucamping.com demircioglucamping.com *.demircioglucamping.com *.ww38.demircioglucamping.com

*.crowd.enzymetoyou.com enzymetoyou.com *.enzymetoyou.com

*.cicd.funtest.io funtest.io *.funtest.io *.jenkins.funtest.io *.pipeline.funtest.io *.preview.funtest.io *.widget.funtest.io

helochomeequitylineofcreditrates824327.icu *.helochomeequitylineofcreditrates824327.icu

hostelciudadela7.com *.hostelciudadela7.com *.hostmaster.hostelciudadela7.com *.random.hostelciudadela7.com *.www.hostelciudadela7.com

interwintop.com *.interwintop.com

kaiyunsports-edu.com *.kaiyunsports-edu.com

ocppqerf.com *.ocppqerf.com

*.autodiscover.planinec.club *.cpanel.planinec.club *.cpcalendars.planinec.club *.cpcontacts.planinec.club *.development.planinec.club *.integration.planinec.club *.mail.planinec.club planinec.club *.planinec.club *.webdisk.planinec.club *.webmail.planinec.club

prestigiousparcels.com.au *.prestigiousparcels.com.au

*.mqtguww25.savedpasswords.site *.random.savedpasswords.site savedpasswords.site *.savedpasswords.site

smurfwin.bet *.smurfwin.bet

*.blog.thegiftaway.com *.booking.thegiftaway.com *.enterprise.thegiftaway.com *.sneapy.thegiftaway.com thegiftaway.com *.thegiftaway.com

theneuropulse.com *.theneuropulse.com

*.hostmaster.xn--80aaeee4clfn0d.com *.kfp.xn--80aaeee4clfn0d.com *.ww25.xn--80aaeee4clfn0d.com *.ww38.xn--80aaeee4clfn0d.com xn--80aaeee4clfn0d.com *.xn--80aaeee4clfn0d.com