Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.sandrosavino.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 04, 2025
Valid Until
March 04, 2026
87 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
BB:CF:BF:73:5D:83:F6:34:2A:5F:13:CA:13:CF:67:81:DB:E3:7E:70:33:CA:13:9D:D7:B9:A5:D9:E5:65:E8:B2
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
access.open-industrial-pki.org
staging-physio.activlife.my
alphamindsolution.com
test.arixautomation.com
qr.arthur.city
arx.wtf
www.automatizatrading.com
awb.ma
api.billbo.tv
www.bostonprops.app
centrosinapsis.com
www.centrosinapsis.com
tzufy.co.il
dozy.co.in
health.icube.co.th
crizzaandjerwin.com
crystabyte.co.uk
app.deli-picks.com
console.digitalgrub.com
www.digividbio.com
doev.app
dubu.fr
beautify.eeshanya.dev
www.finditly.com
sintpaulusvijfseweg.flockim.com
fontourha.com.br
my-dev.foodsi.pl
gaminggoat.io
www.gatfinger.com
pay.sandbox.xbd.gr4vy.app
www.greenassist.co.uk
www.gurten-taxi.ch
hearourvoices.io
www.hedonic.games
separaciones-admon.idei.com.mx
ikuzaki.jp
imaginerealities.com.au
www.impactmusic.ca
www.ingenieriaysolucionesciviles.co
blog.insideapp.it
dev-api.iqid.com
www.irsassociation.org
iscdrlondon.org
stage.jewishnext.com
pepino.jmkt.digital
jobinship.com
partners.ju.studio
www.justpm.de
blog.k2a.in
lendfluxy.com
lensxpert.vision
loredesign.fi
mcvagencement.fr
www.memo.fun
www.mercedsmogcenter.com
nakodaassist.in
creator-link-staging.nightcafe.studio
niravpokar.in
o.othercooked.com
pendlerapp.cz
auth.pepperpin.com
www.performancehub.com.au
bookmarks.phaisan.dev
poster.land
www.precisecontracting.co.za
promotar.co.uk
www.qtradecapital.com
rabishtra.in
admin.radiokasoot.com
rei-infra.com
relishon66.ca
info.republish.nl
right-lock.com
rinooktavianridwan.site
ronakraval.com
sandboxcarbon.com
www.sandrosavino.com
scordle.app
scriblin.com
scripturepuzzler.com
hitossy.skd-tf.com
skpackers.com
snsarbitrationcentre.org
stayatfriends.house
swingjeans.it
dev.abcadmin.the8th-floor.com
auth.ubbik.fr
get.vscore.ch
wanavakind.com
www.wealthwick.com
www.webscrapers.org
welnes.app
www.wheelofnames.page
www.whitemensalon.com
wotching.com
api.ugdev.x10.mx
xamaral.com
yapolyak.com
yathou.com
www.zubizi.com
Other domains in certificate