Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=cha.cafe
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 11, 2025
Valid Until
January 10, 2026
37 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
35:E7:63:5F:2E:78:5C:16:32:B9:C5:DE:72:E4:0A:11:18:17:76:A6:C2:16:9D:0B:CE:61:9D:F7:47:97:C1:EF
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
script-src; object-src; base-uri; +3 more
script-src 'report-sample' 'nonce-8M4Aay7v-DOH5TqzMpTO2A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
app.medocoach.online
cms.3dcloud.io
cafestrudel.abacus.co
compass.abrain.it
agile-forward.com
www.aimbrella.com
airesalud.cl
ambalkar.com
appcoa.com
www.aranchaypablo.es
arudito.com
asp-performance.ca
auteurobjects.com
batteryok.in
www.exhibitor.berufsinfo-world.at
www.brandongrant.me
www.builda.homes
centrodearbitrajeymediacion.com
cha.cafe
legal.healthcloud.co.ke
compassionalignedtherapy.com
ecm.api.coopers.pro
www.dcomprasenmiami.com
gestion.deconseil.com
proinvent-4.dev-ltl-xpo.com
www.dnalauncher.com
admin-staging.doyumeibo.jp
dynode.dev
karur.eacabs.com
openvar.ecampus.camp
tanzania.eeaser.com
forms.em3law.com
epicgoodsco.com
ufm.fastvalue.vn
app.figueroahermanos.com
foxdale1651.com
www.frederikbehrens.com
fredlund.nu
esp32.gillspie.com
haisushidelivery.com.br
dice-roller.handc.app
queue-customer-test.digitalse.ikea.com
hwdlongbeach.impactwrap.com
join.isprout.com
mesa.izfood.com.br
trash.jazo.ca
jeanniechiem.com
match.karla.ai
cloud.kuto.app
trivia.lancejabr.com
www.lescrocsdelanight.fr
www.liar.fyi
lognira.com
app.lstn.ai
librojuegos.mal3kith.com
mayaeduweb.mayamd.ai
officialspanel.mka-karate.org
move-n-it.co.uk
www.namal.dev
reshop.nxgsoftware.dev
social.odpay.in
firebase-chat.okdohyuk.dev
www.orangenest.id
www.provabic.com
cop15.cmm.qc.ca
ra1no3o.dev
radontechnologies.in
market.rahsathi.com
www.raidbuilder.app
canteenmgmt.rcloud.dev
renewablewardrobe.com
www.robertomotors.com
www.romanyefimets.com
crew.runwayclub.dev
sedlarobchod.cz
www.seekersandadvisors.com
cents2bills.sipora.io
soapmagazine.net
www.soldmaui.com
sonarping.de
ai-web-test.sportskingdom.io
www.sreemagaltravels.com
steppingstonescommunitysupport.com
stickerland.app
structility.com
azparts.swapptechs.com
www.teknodevs.com
analytics.tempo.systems
app.testograph.com
uneleap.com
vendlive.us
provider.verifymy.id
www.virshields.de
www.vojtechhoranek.cz
reservations.watersedge.lk
www.wereviewhq.com
whatwayto.com
wifiwarden.app
willisandbuckley.com
testing.labcare.zym365.com
Other domains in certificate