Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=airmanual.io
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 25, 2025
Valid Until
January 23, 2026
68 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
2A:FB:CA:AD:6E:B3:14:A7:FC:70:FB:1B:6F:27:18:ED:C3:D7:F0:AB:5F:23:99:DA:09:B5:B6:3E:2C:85:16:0A
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
airmanual.io
adamandbetsy.wedding
agromaxintl.com
ai-digital.xyz
auth.almostfreecalls.net
www.annaberkut.com
qa-prohealth-cmd.apollo247.in
quotes-panel.teorema.app.br
arkleenergy.com
dnc.beyondcentral.com
bhatiasoni.com
binxcrs.com
www.birkeland.io
blacktalentleadership.com
becca.bonasolvo.cl
brownbearakademy.com
cardgolem.com
campusaid.co.ke
collectumdata.com.mx
www.amad.com.tr
www.emreizolasyon.com.tr
old.compileit.online
darnejma.studio
www.ddmcloud.tech
www.decozone.in
toch.dev-team.club
dmeconnected.health
www.doncalle.com
dragonmatchgame.com
drschandra.com
edexcup.com
evanbaumel.com
www.fleetmate.app
genesislifesciences.lk
web.getcore.app
encuentrotransparencia.congresoqroo.gob.mx
m.godochurch.com
accounts.gotok.app
dev.accounts.gotok.app
myriad-protect.groupeducroquet.fr
osbapp.gubler-it.com
hkf-company.com
cname-to-cname-to-http3.horo.jp
smea-dynamic-stage.ibtikar.sa
www.icesculptures.com
www.imac.cc
industrylinq.com
ingilizceozelders.org
www.insanewriters.net
driver.inter.mx
www.jongbin.com
keepweightoff.net
kidslog.ro
kohadev.live
ldrsrls.work
app.leeskees.nl
trips.levo.aero
malibudance.co
mandaleo.com
app.mantra.ms
covidvaccine.mayamd.ai
meaningeco.com
merttaspinar.com
navoffroad.com
netsolxperts.com
neurosity.app
app-develop.arco.org.br
papajoue.ca
www.stg.posre.info
postock.app
pwapilipinas.org
dash.quoteninja.co
shop.reconise.com
relentless1.in
www.rieticket.com
www.rkxports.com
rummyculture.games
demo.securely.id
set-tings.io
link.shifinity.com
siamodonne.it
www.smartpi.app
solucionesaereas.com
srisuryanarayanaswamydevasthanamgmamidada.org
stealthai.org
t4logistics.ca
task334.app
www.tastybajaride.com
www.tinhk.com
landing.links.tots.agency
public.links.tots.agency
www.townandcountrysupermarket.com
coms.trollbox.io
www.understaid.com
mobil.vaccindirekt.net
www.web-dojo.de
static.wingate.web.za
tm.webfrontmedia.no
stg.yachtcms.pl
yamameinc.com
Other domains in certificate