Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=cronometro.net
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 02, 2025
Valid Until
February 01, 2026
66 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
22:9E:80:74:4E:C3:91:F7:88:44:2E:7E:C4:C8:F8:AD:C0:89:36:71:40:93:29:94:1D:38:76:61:8B:E0:4E:6D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
aistudios.co.in
auth-api-client-example-1-dev.77-bit.com
www.8bityoda.com
8quad.net
addiante-portais.addiante.com.br
auth.adminsign.com
www.agilesustainability.org
www.alexander-carpenter.com
alexdoumas.dev
www.allsmilessvg.com
www.augustinejacob.com
www.bengalnewshunt.in
bookkeepingcorporation.com
civilsa.net
app.classifly.io
www.codeenthusiast.com
www.comingclock.com
www.coxbusiness.online
cronometro.net
pay.cubixpay.com
cust-a.dev-ltl-xpo.com
devanshkaria.dev
www.dgfolio.com
gov-mapper.dialogueframework.com
link.digitalinnovation.one
dinfluence.ch
donaldtrumptruth.com
www1.dotdip.ca
webrtc.drachtio.org
www.ecoshilp.com
edify.me
www.epicpandagames.com
expresiongraff.com.ar
falounge.jp
www.farhaservices.com
api.getspam.app
www.sebastian.ghiveci.com
staging.graviztelescope.com
questify.gretxp.com
helenaplusmichael.com
www.humanprogram.com
leads.i2-sys.com
notflix.jamesnowecki.com
kalpavrukshalandscapes.com
karandeniya-temple.com
totem.knobs.it
www.kolberg-kollegen.de
kudos.kudosone.com
lavchat-agent-v2.lavenirapps.co
www.lifeofanelf.com
www.ltb-media.com
masjidumar.us
www.mbxr.io
www.michaelwells.dev
app.mindfulsms.com
miong.es
mshio.com
apps.mubasher.info
cloud.mycloudvip.com
mydigisigner.com
pic-goldennuggetontario.mentor.neccton.com
v1.tax.niceloop.com
www.noopurkashyap.com
staging.objectiveguitar.com
play.odiho.com
draws.ontariokayakbassmasters.com
oneday-saga.or.jp
pantufla.net
pcbplay.com
pickaxe.media
www.polygoncast.com
nova.portfolioview.co.za
postprobe.com
censo.prevtechweb.com.br
marafon.printslon.com
project-unknown.jp
brigadereaumur.order.pulp.eu
share.realize.design
realveiculosudi.com.br
manage.rentadvisor.com
scientificas.com
shabil.xyz
shivamdroptaxi.com
shopped.co.nz
dev-portal.shopthrilling.com
silverblades-wu.com
odontodemo.smartin-hclinicos.com
www.suhailcr.com
www.swapnasheela.com
www.throne-recruiting.com
www.twyfordroundtable.org
backoffice.uapplyabroad.com
vahe.urartusoftware.com
dev.veewar.com
webassets.villagemaps.in
vocapino.com
waverleyhouse.org
www.weerasak.dev
auth-epo.winticket.bet
wonderwallindia.com
Other domains in certificate