DNS Gurus
Open Cached · just now
77/100 SECURITY SCORE

Certificate Information

Subject
CN=sunday-picks.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 25, 2025
Valid Until
December 24, 2025 40 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
6F:41:D3:71:1B:61:FF:7C:BD:2B:5F:74:65:5C:DB:07:F2:C6:32:D4:AB:70:EB:CA:79:85:13:6A:04:CE:1B:C5
Alternative Names
100 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains
angeltech.com

Other domains in certificate

objeditor.3rbehavioralsolutions.com
aimdigitech.com
aldridge-gives.aldridge.app
anidental.al
bradcarson.ca
fomo.brainrotapp.com
app.calven-tech.app
preprod-account.canstar.com.au
clearstore.clearobject.com
www.clonebrews.com
control-staging.cmorider.com
www.codedix.com
stoicapital.com.sg
cruisetech.xyz
cubanitosmifavorito.com
fsdk.customfit.ai
dance-virus.com
dapalab.dev
demolering.se
workspace.deniputra.com
dumpster.app
e-servant.com
eduardorp.com
app.enhancedapp.io
links.equipocabo.com
auth.fat-collection.com
fokaweather.com
frpichelaria.pt
za.uat.gaapunity.app
ios.goget.my
gumthemes.dev
highefficiencyhousellc.com
ifocux.com.au
inparallel.app
isayur.ipiring.com
j-pop-jam.com
naturaladventure-sdk.joinsherpa.io
web.jointangent.com
jugendfeuerwehr.app
kellyfolio.com
www.king-coffee.com
kintry.com
link.lifeclockapp.com
www.littleshrub.com.au
marcobertolino.dev
www.marktheunissen.com
mayr.fyi
admin-pay.mev.com
api.minutemerge.com
moonpyx.com
morrisfitzhugh.com
mosquiteros-toldos-quito.com
www.muenchhausen.dev
jd.nflo.at
nflperry.com
nikkothe.dev
www.officinefanuli.com
share.okki.app
one-chat.app www.one-chat.app
www.outofsyllabus.xyz
services.paynowafrica.com
www.petler.app
pianolessonssouthampton.com
pierrelamusse.com
pikefishingfinland.com
www.pikseltest.com
pixalya.com
plushtoi.com
presenzo.com
princetondinky.com
promca.com
r3dent.app
rakshapariksha.com
www.randomimagegen.com
readyforqueensball.com
reefte.ch
www.renaissancefootnotes.uk
account.senimen.app
insurance.sentinel.ng
www.serviciosvillagran.com.mx
tiempos.signandrun.com
stage.merchant.sliceq.com
sunday-picks.com
sunwaydental.ca
appafore.suramexico.com
syncglob.com
www.tctcleaningservices.com
www.techfinna.com
trackmyallergy.com
tshepzmogapi.com
univvoyages.com
vfl-wolfsburg.vebasoft.com
www.verdamd.com
westernroofco.com
whatsbotsm.com
console.whyleavetown.com
writer-app.com
fancykeyboard.xmmobilelab.com