Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=canada.citizn.world
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 01, 2025
Valid Until
March 01, 2026
88 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
83:16:DB:B6:5F:B4:98:D6:9C:71:84:79:A7:3B:3C:9B:75:CC:A6:F7:4F:9B:6F:42:EC:1E:16:AD:12:0C:A8:F7
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
app.sponyo.com
www.alantaranti.me
store.alemoreau.fr
as-support.tech
sofer.azuma.sk
banklog.mp
share.batwinner.app
app.beezpz.com
bisflow.io
www.bitfog.co
dev.buildas.io
immoadmin.certinergie.be
canada.citizn.world
davidku.pro
app.dayadaya.com
dl.digigurus.net
hauler.docket.works
d1-myshipments.dpd.co.uk
qa.dynamicloyalty.ai
app.ed-xp.com
taxonomy.api.fielder.one
admin.found.cloud
futbolba.es
tbsim.gabriello.fr
globalitc.org
www.gofora.org
atami-survey.groundnode.com
dev.app.halodao.com
hannibalnow.co.za
api.heropay.app
www.hym-namu.com
www.iatrus.art
storyline.igeddit.ca
firebase.myapps.in.rs
universal.itstrending.in
prjct-me.jaygx.me
jmjsistemas.com.br
staging.joinjobox.com
www.kartechnl.com
kazokuexpress.com
meetings-dev.kickscale.com
client.knowledgepele.com
kreahr.com
www.kumia.net
www.kybtransport.com
movie-db.lucianiernye.co.uk
virtualvan.manchestervoices.org
min.mateofaivre.fr
www.meetingcontrol.live
admin.megastaging.ca
app.mess.ms
mimiria.studio
www.mischty.com
app.mooveandgroove.com.au
mypanic.link
dev.nasheedstation.com
app.ffm.nxt-lvl.ink
www.online-wpk.ch
bazz-app.oz-tms.com
patrickgabala.com
app.payandconnect.co.za
www.pentanetwork.org
portfolio.pimpapat.me
thitsanelectronics.piticommerce.com
dev.auth.playbook.vc
crm-licenciados.presen.ca
procpro.com
www.qorbani.com
staging.rollingtrans.com
scams.tips
share-todos.app
www.dev.sharekey.com
shufflebuy.app
skwai.com
www.solitr.com
soulh.dev
spheverse.com
landing.stomalink.ro
www.switchai.nl
francis.taskfs.com
www.telltouch.com
www.therebbesohel.com
apps.thesim.com
www.theticketbot.com
www.tiangewang.co
timerange.app
tinyquiz.io
tlic2024.org
tt.todi.mx
dsmwidget.toolabs.com
www.typischkunst.nl
api.unifii.ng
ensolweb.venttu.com
www.wedding-helena-fernando.com
cdn.welcomments.io
whatwearandwhen.com
www.wirelessbro.com
www.yosemal.com
editor.zodhyatech.com
link.zoomies.pet
Other domains in certificate