Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=manual.bayareapediatricsurgery.org
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 23, 2025
Valid Until
March 23, 2026
87 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
4B:76:57:B2:87:AA:14:25:5E:25:28:42:C0:D9:75:B4:9F:83:D8:84:89:9B:DC:C6:1F:1F:5A:14:60:E5:30:DB
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
app.driver.com.ph
app.africase.co
www.aifortutors.com
srarti.aimcomely.com
joel.alenchery.org
apptico.com
ariwisenburn.com
www.baroqueaccess.com
manual.bayareapediatricsurgery.org
www.behandler-booking.dk
uatproddesktopapp.bizopsapp.com
bluepeyi.fr
market2.bonusgroups.ru
www.broadboard.club
www.btpcfa-grandest.tv
bzsoftware.com.br
camdowns.com
junior.campese.com.br
caryea.com
www.certificadodereciclagem.com.br
charliepark.com
nst-ap.nst.com.my
www.roshangautam7.com.np
api.book.oneclass.com.tw
www.proinbro.com.tw
lacucha.com.uy
diseno.digitalcupon.com
dev.driverone.org
www.east-fields.co.jp
timer.eggstudio.jp
entreprise-enveo.fr
download.epap.app
erayturan.dev
foodmood.health
firebase.fugudev.online
funrewards.com
getmicdrop.com
site.globalcredit.ua
www.globaldentalstudio.com
admin.notary.gov.ng
www.harapanfajargemilang.com
hariomjangra.tech
share.karuta.hicard.studio
www.hthmedialtd.com
www.hydro.tv
mebal.in-modesty.jp
www.innostash.com
www.insanewriters.org
jaymeeneedsattention.com
judychu.ca
julesruby.dev
khushidyechem.com
appheartbeatmonitor.lazymen.eu
leannechandler.co.uk
legasint.com
forum.loopstring.io
markducnguyen.com
messinew.com
reachivy-mba.metis.club
actionmanager.mftkit.com
rechnungsportal-test.muessig.app
uebm.mybookplus.net
nate-duncan.com
www.ndcrpf.org
www.novoinox.com
nww-media.com
oorganized.com
freelife.freezone.org.ua
plusthat.com
chrome.portfoliolink.co.za
www.printingw.xyz
unified-official.reflex-bikers.club
www.richardli.zone
roboscouter.com
apnabaghban.saasbanana.com
www.savetheplanetgroup.org
senoo.me
web6.shiur.cloud
spindrops.com
srismilecare.com
stephanieraymos.com
go.student-lt.tech
studiopigglepsicologia.com
synergydiving.com
ishango.tadafaba.eu
draw.taptaplah.com
www.beheer.toegangsbon.nl
artisan.travauxdemain.fr
digest.tryhabitual.com
www.ucreferral.com
unitedspacerangers.org
go.uspersonalhealth.com
egnsarkiv.util.dk
www.veeaccounts.co.za
www.veralink.io
testapp.viralfission.com
beta.waterbot.com
join.wondors.com
woodworriesbuilderswales.co.uk
yasirdesign.com
Other domains in certificate