SSL Certificate Analysis for xoaomi.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=ptvsport.live

Issuer

C=US, O=Let's Encrypt, CN=YR1

Valid From

May 29, 2026

Valid Until

August 27, 2026 84 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

0D:8C:19:30:33:67:DE:91:38:97:AB:65:21:18:0B:3D:E9:93:77:5E:DF:E1:63:14:31:01:51:7D:5B:82:09:0F

Alternative Names

82 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

82 domains

xoaomi.com *.xoaomi.com *.account.xoaomi.com *.be.xoaomi.com *.httoaccount.xoaomi.com *.intl.xoaomi.com *.market.xoaomi.com *.misvat.xoaomi.com *.zhushou.xoaomi.com

Other domains in certificate

anime-kai.com *.anime-kai.com *.ww38.anime-kai.com

bdjobs.store *.bdjobs.store *.mail.bdjobs.store

campingtools.pro *.campingtools.pro

earthenpot.com.au *.earthenpot.com.au

friendinder.com *.friendinder.com *.hostmaster.friendinder.com *.random.friendinder.com *.ww38.friendinder.com

*.direct101.gamexmaster.com *.earn.gamexmaster.com *.ff20.gamexmaster.com gamexmaster.com *.gamexmaster.com *.sr.gamexmaster.com *.ww38.gamexmaster.com *.www.gamexmaster.com

maharani.life *.maharani.life *.ww38.maharani.life

mantimeter.com *.mantimeter.com

napanow2025.com *.napanow2025.com

paskids.com *.paskids.com *.summers-weber-production.paskids.com *.wallace-not.paskids.com *.wildcard.paskids.com

peope.com *.peope.com *.vpn.peope.com

*.free.ptvsport.live ptvsport.live *.ptvsport.live *.youtube.ptvsport.live

*.blog.risingtideharbor.com risingtideharbor.com *.risingtideharbor.com *.ww12.risingtideharbor.com

seesawdo.com *.seesawdo.com

*.random.slipcc.com slipcc.com *.slipcc.com *.ww16.slipcc.com

sujlhaxilfk.com *.sujlhaxilfk.com *.ww38.sujlhaxilfk.com

thehedgehogshop.co.uk *.thehedgehogshop.co.uk

*.marketing.wellnessforhome.com wellnessforhome.com *.wellnessforhome.com

*.autodiscover.wensend.com *.cpanel.wensend.com *.cpcalendars.wensend.com *.cpcontacts.wensend.com *.dc-b4ea38fe7c5c.wensend.com *.hostmaster.wensend.com *.insta.wensend.com *.mail.wensend.com *.webdisk.wensend.com *.webmail.wensend.com wensend.com *.wensend.com *.www.wensend.com