Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=xwik.me
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
January 08, 2026
Valid Until
April 08, 2026
45 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
2A:5A:20:AE:D0:FF:B9:4E:01:F9:72:57:3B:8F:FF:76:2F:91:80:67:7F:66:E8:3A:2C:A9:62:76:3A:21:91:49
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
88 domains
microsof.co
*.microsof.co
*.acount.microsof.co
*.data.microsof.co
*.urbasercloud.microsof.co
*.wvd.microsof.co
*.ww25.microsof.co
arduinio.cc
*.arduinio.cc
*.old.arduinio.cc
*.playground.arduinio.cc
*.preprod.arduinio.cc
*.sandbox.arduinio.cc
billierazor.com
*.billierazor.com
*.hostmaster.billierazor.com
*.ww25.billierazor.com
*.billing.carsforsae.com
*.business.carsforsae.com
carsforsae.com
*.carsforsae.com
*.cloud.carsforsae.com
*.eng.carsforsae.com
*.forums.carsforsae.com
*.imap.carsforsae.com
*.ipe.carsforsae.com
*.lib.carsforsae.com
*.ms.carsforsae.com
*.mx.carsforsae.com
*.mx0.carsforsae.com
*.ssl.carsforsae.com
*.forum.freedatingservice.com
freedatingservice.com
*.freedatingservice.com
*.mba.freedatingservice.com
*.new.freedatingservice.com
*.old.freedatingservice.com
*.photo.freedatingservice.com
*.reklama.freedatingservice.com
*.support.freedatingservice.com
*.users.freedatingservice.com
*.www.freedatingservice.com
httpsinstitutodepsicologiaself.com
*.httpsinstitutodepsicologiaself.com
*.lab.httpsinstitutodepsicologiaself.com
*.www.httpsinstitutodepsicologiaself.com
*.butler-southern.mengs.com
*.dan.mengs.com
mengs.com
*.mengs.com
*.onkel.mengs.com
*.bbs.porndog.com
*.demo.porndog.com
*.fb.porndog.com
*.geo.porndog.com
*.it.porndog.com
*.movie.porndog.com
porndog.com
*.porndog.com
*.sex.porndog.com
*.wordpress.porndog.com
*.ww5.porndog.com
*.www-1.porndog.com
*.alpha.safra.tech
*.board.safra.tech
*.hostmaster.safra.tech
*.jenkins.safra.tech
safra.tech
*.safra.tech
*.shop.safra.tech
*.store.safra.tech
*.random.taqu181.xyz
taqu181.xyz
*.taqu181.xyz
*.ww25.taqu181.xyz
thecryptoprimefx.xyz
*.thecryptoprimefx.xyz
*.ww25.thecryptoprimefx.xyz
*.cms.voomera.com
*.drupal.voomera.com
*.fb.voomera.com
*.med.voomera.com
*.members.voomera.com
*.se.voomera.com
voomera.com
*.voomera.com
xwik.me
*.xwik.me
Other domains in certificate