Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.bloemekets.be
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 10, 2025
Valid Until
March 10, 2026
63 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
5F:BE:17:1F:E6:E5:14:2B:EE:D1:AB:FE:E0:BF:85:F2:09:F8:DC:80:8C:E7:33:94:BF:82:79:38:11:67:4D:D1
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
app.bizavi.ru
beta.afipayments.com
auth.agenthost.ai
www.alien.fit
www.almafintech.com.ar
offshorerental.anekonnect.io
provincies-goed-gesprek.appdashboard.nl
aranytar.eu
arualgj.com.mx
atkinsbookoflandscapes.com
www.australiankitchendesign.com
betterstudy.ai
bitident.com
blackible.com
www.bloemekets.be
www.brianpark.ca
browsandyou.ca
calcularfretecorreios.com
carematehygiene.com
www.chimepad.com
clastr.com
hola.cloudframework.app
vita.cometius.app
es.covid-map.app
admin.creativo.org
ce-backoffice.staging.creditoexpress.com.br
datajungle.co
www.digimall.tn
auth.eatassistant.it
i7.yeditepe.edu.tr
hocnhom.edu.vn
elancerbusiness.com
enisuysal.com
sandbox.app.eyeli.com
pwa.fmhosting.it
www.followuson.co
mygympal.gallarotti.net
app.gopetplan.dev
www.grabsteinereuter.de
demo.res.heny.app
sso.homedia.com
hotelgoldenh.dz
iamven.page
akiraaswell.id.vn
indianoilretiredofficersassociation.com
shop.isfjordscentret.gl
jected.net
johnmarquard.me
support.mahersaham.com
markgolubev.com
mature-perc.com
www.medaxpert.com
meoshin.com
mgenio.com
nbs.misschool.net
firebase-spike-1.mobiusly.com
monklabs.app
currencysh.mshguru.com
mxlockers.com
myairpay.io
myoneid.fr
nalu.app
napbigo.net
www.nbinobied.com
www.neurojim.com
www.nextlevelfitnessgl.co.uk
numoonprojects.co.za
platform-manager.oakmorelabs.cloud
crypto.olegkalugin.com
orb.farm
girlfriend.patrickwilliamweaver.com
pdfsnake.app
pay.platirublem.ru
www.puzzletime.app
menu.queueninja.com
www.richardlovesabigail.com
roggeli.ch
portfolio.roumili.com
runedigital.com
sabatech.in
scaleit.lt
sh4rp.com
old.sharifqasrawi.com
dinein.simpexo.com
www.sitetostatic.com
www.smokekiss.in
sprinzo.com
bubbakoossamcoadmin.sqwadhq.com
gsurace.sqwadhq.com
stevehaar.com
studentcalc.co.uk
oracle-netsuite-demo.internal.styloml.com
app.swift2do.com
www.synscape.ca
tecna-sales.tecnaprofessional.eu
verify.timetobelong.com
tinydrago.com
collect.totalsuite.net
vinz.dev
staging.smartweather.weatherflow.com
Other domains in certificate