Open
Cached
·
just now
77/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=app.olaonibus.com.br
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
April 19, 2026
Valid Until
July 18, 2026
70 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
2F:A9:B0:2C:5A:8F:2D:38:4E:55:9A:77:B1:14:FD:8C:9B:0F:51:4F:A5:B7:F0:47:3F:69:17:D0:2B:AA:E8:02
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
abc-dates.de
status.agechecker.net
algo-teacher.com
blog.analyticsverse.info
animasphere.io
antikus.lt
admin.fares.anyware.software
www.arkbreeder.com
badirinho.com.tr
auth.demo.billiv.fr
www.bpcar.bz
breakroomcup.com
www.byggis.no
caloriex.in
tools.carlosfelipe.dev
id.carrot.net
gcp-us-east1-19.dev.app.carto.com
www.castellochess.com
cente-vsla.centetech.com
www.codewich.com
dinosaurs.comounexperto.com
devveo.com
ecare.diastecnologia.com.br
langen.digitaf.de
santel.for.dinii.jp
distributedacademy.org
www.diverswoerden.nl
www.elevateu.me
escgservice.co.in
link.flash-coffee.com
fmahub.com
gehrmann.org
auth.gemihealth.com
ghelere.srv.br
ginnyhelsen.co.uk
esg.globalpccs.com
series.grahammacphee.com
gtaluxrentals.com
gypd.com
hotelbooki.com
www.howtofly.be
hristiyana-ivanova.com
indiva.shop
jacktraina.com
judhajitsarkar.com
chameleon.kingiol.com
kultursommernoe.at
lazytexts.com
universal-wayfinding.libry.dk
www.livekoora.vip
bridge.locker-token.com
www.ludocash.online
lynk.design
marciafraerman.com
mdkaiumhasan.site
www.mdkaiumhasan.site
portal.menuengfood.com.br
mintlit.com
widerlov.demo.movello.se
finance.murarinayak.com
musicrewards.com
mwalimu-ai.me
nadiacagayrealty.com
nahush.in
www.northweather.com
app.olaonibus.com.br
orbismindstech.com
owlandscroll.com
www.pkycurrency.com
godt.plassert.no
pmcusa.org
procuren.in
rahimimedical.com
app.readyteam.ai
app.restorandirinting.com
riff-vault.com
www.rijksclose.co.za
robertoalvarez.me
erp.sandrasoftware.com
www.sbdevelopment.cloud
shotcraft.art
simonacozzolino.com
caceres.bioponto.sistemasnemesis.com.br
accesosb.smartledge.com
sneekshot.com
sydsample-app.speakylink.com
staffmailpro.com
pprecipes.stlln.com
tarikh.in
www.tinkertech.dev
tribelmadira.in
truebluetech.in
app.tudutu.com
twinedge.com
typebeer.com
www.voertuigvinder.nl
watermark-usedom.de
www.wearestack.com
workick.fit
zebral.net
Other domains in certificate