Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=arkhamcards.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 22, 2025
Valid Until
December 21, 2025
40 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
27:97:A1:93:78:D1:13:B1:D0:C2:81:64:F5:75:5C:87:9E:14:98:28:84:B6:2A:21:C9:7A:2C:A7:41:B1:E2:BA
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
arkhamcards.com
1111rent.com
www.ag-reserve.com
atm.allegro.tech
pay.allominute.com
www.andrewblack.games
app.anguard.ar
annwesha.com
asyncteachers.com
www.autocallrec.app
walletplace-events.dev.bcode.cloud
bjubookstore.com
brainns.com
bringgood.co
l.c-maido.jp
can-can.biz
cantey.dev
clctr.app
ozsoythebest.com.tr
dev.admin.courtisan.dev
www.cwcreative.online
dailyjobfind.com
danielistvan.com
mailing.dowork.ai
www.easy-rating.com
inventory.dev.elkaso.app
ezkl.app
falcons.ai
www.fatcatstats.com
feteapp.co
flyingblob.com
instantsaving.l.frequentvalues.com.au
frostmechanics.com.br
gestorgip.app
matlab.gmit.mn
app-qa-v3.gospurr.com
www.gungseochae.com
www.gwgreenltd.co.uk
uk.ihhsfair.com
incidentaware.app
beta.ipercash.fr
www.jasonblob.com
yearinreview.joederryhall.com
jrtrab.com.br
pay.roster-dev.kenoviiva.com
app1.kibun.io
svatba.kinst.cz
www.linehero.com
www.llamacook.com
www.manmunaisouthwestps.com
camilla.mappso.com
staging.mettle.studio
apod.mhiebl.com
iot.mindhive.fi
momend.com
momnzifa.com
mr-and-mrsreynolds.com
www.nancy-guinguettes.com
swcdevice.ngsc.au
www.normalen.no
alharameen.nt-me.link
services.ordoschools.app
ostermannfamily.com
b.othercooked.com
landing.parfums-asie.fr
www.partyhuntnash.com
paxdynamic.com
psclient11221.philanthrosphere.com
pimmia.com
portalsllc.com
profoundsocial.com
admin-panel-dev1.qlub.cloud
quikk.dev
www.redas24.com
resourcedex.com
www.savemybio.com
www.servicesbeforehouses.org
servicewaydigital.com
app.sevilladeboda.net
app-iguatemi.sistemasimo.com.br
smallbusinesscommunity.ca
www.soroenergy.com.br
adnetwork-adserviceadpage.spaceeight.net
speke.im
get.sremote.app
starthq.de
stratifylabs.dev
portal.takeoffdroneproductions.com
thefreestudios.com
trident-fish-bar.com
tulukahindu.turnosweb.app
my.uc-bcf.app
installer-staging.verdantsolar.my
viewmedia.com.au
vnintelli.com
beachhouse.wildgaming.com
wioflix.com
beneshop.xptoconsig.com.br
niina.yamagata.jp
ziggyliu.com
Other domains in certificate