Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=www.balsambayoutfitters.com
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
November 22, 2025
Valid Until
February 20, 2026
52 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A7:5D:8B:B6:E4:A4:6E:95:18:EB:A2:DC:0C:9C:BE:06:45:BE:BE:8C:A0:1A:59:28:AA:5D:55:64:A6:31:20:68
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Wildcard CAs
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 5 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
100 domains
ambbyte.com.br
www.ambbyte.com.br
9quadrinhos.com
adhix11.com
agendafacilcliente.com
www.aicommunity.dev
auth.aiexplorerapp.com
jcr.console.aigens.com
frontdesk.aiii.ai
organonth-url.aiii.ai
www.amipreorder.com
www.autoshkolladigjitale.com
auxcorde.com
auth.broad-bull.avasecurity.com
b312studio.com
www.balsambayoutfitters.com
card.bitkhanan.com
mt.bitmark.com
brandeablestudio.com
platform.caplight.com
admin.cgodev.com
admin-legal.coconala.com
user-dev.legal.coconala.com
cox-lvub2.cox2m.com
barnamaj.danacommittee.com
dashfinanceapp.com
dev.tube
developyourmind.app
www.doyouknow.today
droneflyzones.com
dwoth.com
www.elrespetoserespira.com
auth.emitickets.com
app.equevu.com
prepaid.etralis.com
www.exploreverge.com
api-doc.filio.io
forget-me-not.app
www.forget-me-not.app
globeaccesssolutions.com
khmerenterprise.gov.kh
greenburghcorruption.com
hamadjamal.com
data.humanrightsmeasurement.org
www.inspedium.email
staging.instigate.ai
wire.io-fund.com
mcpanel.istiakrahman.com
admin.karfi.co
keepitech.com
app.koyonation.com
lootpe.com
login.meubaba.com
www.mimievents.co.za
backoffice.move-globally.com
brands.nativelayer.ai
dev.nativelayer.ai
nduduzo.com
ninjapower.co
familiaeamigos.nos.pt
tecmais.nos.pt
omerfarukorhan.com
playbosspoker.com
quantumlabs-ai.com
mta-sts.r42.ch
stage-tickets.rct.uk
mta-sts.rsbg.ch
connect-ng-carrier-assigned-loads.rxoconnectdevint.rxo.com
enedis-homologation-square-sense.s2.app
www.simpliweather.com
auth.sobrecupos.app
ar-stage2.sunflower-of-courage.com
ar-stage3.sunflower-of-courage.com
stage1.sunflower-of-courage.com
stage2.sunflower-of-courage.com
stage3.sunflower-of-courage.com
syncvo.com
talentosit.app
www.thesushibarmyanmar.com
topdownsrl.com
www.laembajada.tur.ar
demo-admin.unbiased.ml
web.unkai.cl
admin-staging.vnlp.ai
dashboard.rtm.vnlp.ai
labelbox-dev.vnlp.ai
livechat-mb.vnlp.ai
va-dev.vnlp.ai
va-en.vnlp.ai
va-vpb.vnlp.ai
europawakosta.vrtnws.be
bpm.waffle.city
watchsoc.ca
staging.atwi-fr.webedia.tech
staging.atwi-mx.webedia.tech
wevegotcancer.com
writexy.com
xn--daysblg-5c9qzc.app
pilot.youtranslate.bible
app.zloviewer.dev
Other domains in certificate