Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.icalmamantenciones.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 20, 2025
Valid Until
December 19, 2025
33 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
1B:8E:B0:D9:E0:18:2B:D3:AC:1F:72:4F:AB:0F:62:6E:3D:25:16:FD:A2:AD:71:A0:C8:EE:A5:06:EB:29:AB:74
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
allpasso.com.br
aalarifi.com
abccltd.com
www.activesf.com
affilatenetwork.co
affilatenetwork.com
affilatenework.com
affillatenetwork.com
afilatenework.com
afiliatenetwork.com
alburycleaningservices.com
www.apprevise.com.br
app.ar-engage.com
www.arcondrilling.com
atozsprinklers.com
bluestreamuae.com
bostoninsight.com
www.broccoly.app
bot-sf.nightly.c-plus.chat
support.clarencechng.com
www.universelab.co.kr
www.creativewebware.com
s.crowtec.co
admin-app.doctorlib.com.br
dropshipping.se
matricula.fce.edu.br
fin.ein-network.com
mandarin.ent.ne
www.eren-bal.com
www.erpoficinas.com.br
ethosmodernmedicine.org
link.fitterup.com
gallop.kiwi
gamesgrid.me
staging.getfinstack.in
www.godaymobiles.shop
www.gpestudiocontable.com.ar
pallieter.greifmatthias.be
www.notifications-page.fm.grzeg.pl
habeas.hu
www.icalmamantenciones.com
it2000nhom1.id.vn
effie.insites.eu
jackjoynson.co.uk
join-the-field.com
www.kapital-ai.com
www.kidscaffeine.com
www.larismael.org
i.latoken.com
flashcards.learnjavascript.online
stage.learnjavascript.online
www.legepladsen.dk
letsvibe.space
test-partner.business.lifebrand.life
millicentresidence.com
cert.octigo.pl
dl.on-board.io
listen.oso-ai.com
www.passiveaggressivegpt.com
physiocairo.com
l.st.ias.prepp.in
nihola.reepco.dk
www.revyvcare.com
sharehome.biz
digisco-support-dev-841269483753.sis-direct.jp
digisco-support.sis-direct.jp
authpmipati.softwaresimko.com
www.source7.com
adnetwork-canary.spaceeight.net
sparecentsaving.in
luminet.speakylink.ca
stores-discount-app.speakylink.com
srishabh.ca
outlet.standager.com
www.starstuffgames.com
www.storegear.nl
staging.swifttms.cloud
www.tahnik.com
www.taka-capital.org
thebityard.org
www.admin.thecodeflix.com
fidesarte.thetislive.com
one-legacy-staging.thrivecap.com
tibble.io
alpha.maps.tripomatic.com
trueping.me
umair-saeed.co
vedicq.com
belivertzonnepanelen.verbeterthuis.be
admin-pay.wink.travel
administration.wink.travel
pay.wink.travel
staging-administration.wink.travel
staging-agent.wink.travel
staging-elements.wink.travel
www.wortstellung.com
comprenautica.gestor.stg.xrauto.com.br
www.yuki46.net
auth.zatoplan.com
zethontech.com
Other domains in certificate