Security Score: 77/100
Certificate Information
Subject: CN=widgets.firstdollar.com
Issuer: C=US, O=Let's Encrypt, CN=R12
Valid From: November 21, 2025
Valid Until: February 19, 2026 (47 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: A0:1F:77:65:E2:0C:9E:FD:DF:EC:4C:7E:D6:52:93:11:B9:B7:B7:47:DA:D0:44:C2:2C:CF:93:A8:B8:2C:BE:30
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (Status)
Strict-Transport-Security: Present (max-age=31556926)
Content-Security-Policy: Missing (Not configured)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names (100 domains)