Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=jp.gorillaroom.net
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 22, 2025
Valid Until
March 22, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
EC:84:6B:B8:45:B6:6E:AC:4B:CD:23:1D:95:66:EB:FC:4A:D8:00:52:EC:F6:1E:CF:8C:D0:53:61:DA:0A:74:3F
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
3d-watch.zero-one.cloud
arion.zero-one.cloud
2019.dddeurope.com
mxt3dspins.3dcloud.io
adigoldshtein.com
www.allyants.com
amtdairyfood.com
app.ancoraflats.com.br
ankakoltukyikamaa.com
gpfrance.deeplinks.bfansports.com
app.binarbase.com
www.blupeyi.com
fire-words.bobby-christopher.com
bobstoute.nl
adrien.carlier-mory.com
www.chompy.jp
www.clarityxp.com
www.collabo.studio
repairmanage.edti.com.tw
demo.consultify.in
app.danna.ai
egitim.disleksiokulu.com
www.dyad.tv
www.dylanskelly.me
effai.me
egraft.org
leaderboard.eliasdesmet.com
falconsoftwareservice.com
license.firialabs.com
frazerlinscott.com
app.galas.fm
getinsight.com.br
dashboard-stg.getsilt.com
www.gilbertchang.com
glitchmap.glitchbot.dev
m.godochurch.com
jp.gorillaroom.net
greatminds4u.com
headstrt.com
career.hireme.cloud
hopsa.be
webmail.iheoperations.com
demo-cams.insideapp.net
kaplan-students.ischoolconnect.com
jcarmin.app
api.jevents.uk
kamarmack.com
www.kherel.com
preprod.kipinto.ch
www.krakow.estate
www.krampera-stavby.cz
blog.lagoonlive.com
lenditsl.com
app.letsemjoy.com
sgintegrador.liidutpl.ec
ai.lukecutting.com
manifestation.market
www.marinacodda.com
metallama.com
rufirebase-c3.moboreader.net
investor.morrisons-corporate.com
www.mytownrocks.co.uk
go.ngoailam.com
v10.ngrx.io
www.nicwarellc.com
api.nines.wtf
log.nival.me
noisyloop.com
nyxspace.com
oninov.fr
blog.pitwall.live
www.psychedelia.online
timer-dev.resamsel.com
stitchphotos.rockybrain.com
apis-staging.romulus.io
www.seelaan.com
www.sembrandomusica.com
www.seppe.dev
api-clientes.servicesdtk2.cl
sevora.pro
clientes.simpleshub.com.br
www.siphuma.co.za
kura-storage.spaceeight.net
www.superlemon.xyz
www.swabifoods.com
kuubam.edifyin.teamin.in
tikker.ca
timlaivi-bitcoiin.com
functions.tp-connect.fr
www.traveladvantage.today
tsswira.com
www.uhub.app
peter.ursem.cc
app.ut-stiho.nl
tm.webfrontmedia.no
welcometonewyork.de
whizzytales.com
willnow.dev
elements.writi.io
api-dev.xstatus.me
Other domains in certificate