Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=apps.pdamkotasmg.co.id
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 20, 2025
Valid Until
January 18, 2026
63 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
2A:36:3D:20:EB:11:74:05:6A:00:54:17:95:F1:25:6F:FB:A0:4E:1E:E4:C7:87:07:87:57:4B:08:DC:27:B8:BA
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
ananas-creation.com
11.11.chanmi.kim
7starductcleaning.com
abhishekcodes.com
abhisheknandi.com
aelora.nl
app.aimwealthrealty.com
ambermartinez.dev
dev.client.amooto.com
www.annabananabakery.ca
app.baristirewards.com
assinatura.blueenergia.com
bnbniagara.com
brian-nguyen.ca
framhoppning.brightscreen.se
www.busyletter.com
logo.candlewave.com
carcondoclub.com
www.carealth.com
certifiedtrue.co
civfinder.com
kgsc.clickship.app
apps.pdamkotasmg.co.id
puru.co.in
www.codzoss.app
app.meletis.com.my
www.gain.com.tr
corethinksl.com
dakotacountychambers.com
traveltracker.danialechoes.com
dev-dashboard.demoprep.app
devinowen.com
auth.dickens.ai
dminsnetwork.com
link-staging.dokki.dev
osio.app.edom-electric.com
www.filmikool.edu.ee
www.edvindizdarevic.com
elevenofjuly.com
ellenhossain.com
emperox.com
www.enverrahman.com
explainium.com
memes.fofo.dev
pedidos.fortespdv.com.br
fourseasonsvape.com
gardenpro.ai
www.gcampax.com
staging.gkcloud.no
app.go-conscious.com
auth.graphline.io
www.greenpointhall.com
notesy.gsnmithra.com
app.henrycrm.co.za
www.hobajoba.com
www.inverze89.cz
www.jonaswanke.dev
www.kadupenido.com
www.kamosumiso.com
kmcleanandshine.com
business.stg.ekyc.knoxpo.com
contact.stg.ekyc.knoxpo.com
main.stg.ekyc.knoxpo.com
sai.lasg.ca
www.loff.no
deeplink.manadrdev.com
manpowersolutions.com.au
community.maxtowers.com
pic-pferdewetten.mentor.neccton.com
nickbprogramming.com
www.oloflindh.com
openanewmarket.com
okr.oslo.systems
sase-next.dev.appsvc.paloaltonetworks.com
tenants.parkchamp.ca
psclient11254.philanthrosphere.com
positivebusiness.pro
auth.mbies.proxybk.com
dlink.q-park.com
qad.com.mx
www.quizolympics.com
reikogilbert.co.uk
www.rememberkevin.com
www.route32.ch
saabia.com
app.shipgrande.com
app.shipwithechho.com
uutah.sowl.to
admin.sunkara.io
course.teachmehipaa.com
teesnipe.com
templeac.com
www.templetone.com
el.tong.network
yamada-con.trektrack.jp
trevs.com.au
vithelper.in
workshoppe.app
app.xapobank.com
www.zipzoneunicon.com
Other domains in certificate