Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=kulukorvaukset.satakuntatalo.fi
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 11, 2025
Valid Until
January 09, 2026
60 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
8C:69:5F:81:05:D0:01:F9:EA:86:85:54:55:81:26:C9:36:3D:EC:F9:3E:05:0F:C3:24:9B:EC:19:CE:F7:72:8F
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
asnppc.com
wheel.a4apps.com
abroadwinner.com
alanian.com
sheepmatch.h5fb.albayoo.com
allmunchkins.com
auth.allstreamhub.com
myexpense.anmlumo.com
www.athletlance.com
kiosk-dev.atlas-apps.link
app.azall.com
www.bloodypudding.com
bodadavidyzoe.com
buixuanhanh.vn
www.casaswok.com
www.catobranco.pt
www.chrischv.com
churrasqueirabbq.com.br
auth.cloudyrice.com
www.nganyagroove.co.ke
manager.fitmily.co.kr
signalkorea.co.kr
sapphirebluesoftware.com.ng
dms.consumerlaw.com
dmsdemo.consumerlaw.com
createbuilddestroy.com
www.daidalos-ag.de
behaves.datalayer.ca
davidhaven.com
deepsex.live
dev.duxbe.com
e-binder.ch
webapp.e-hosho-fes.com
oyanow.eddress.co
www.faculdadeibg.edu.br
clientefactatest.finantah.com
www.fuelpricesuk.com
stg.getmytata.app
grantrulon.com
clientes.gux.tech
auth.hec133.com
hipocampoeditores.com.pe
icmigroup.in
instaseoshop.com
grocerylist.jamesonsaunders.com
www.johanbissemattsson.se
jumana-sa.com
kingsleycollection.com
sopadis.kiosk-admin.com
cloudcast-stage.kiswe.com
z.kmpr.in
kngventuresinc.com
kngventuresllc.com
mcsa.kro.kr
landscapepapers.com
invite-dev.languagedrops.com
www.leaselens.ai
www.leftthings.com
www.liatas.me
link9.in
linkg.in
luxvidamed.com.br
maplyze.com
implementor.mathematikoi.co
www.meltingsource.com
www.minghongli.com
museumsavitsky.uz
na-sso.co.jp
www.oladalniel.shop
www.oneway-dropcabs.com
www.scan.orai.io
orionandpartners.com
dev-api.opendata.albatross.pirika.org
admin.plugpix.com.br
engagement.pod.ai
www.polybiuslabs.io
portal-patient.com
powertecheletrica.com.br
gdw2.projectboek.nl
app.quickstats.ca
live.dev.rallygo.eu
sky.rebus.com.co
a.rezmo.in
www.riskey.io
kulukorvaukset.satakuntatalo.fi
www.seeraht.com
ombroscope.sgibout.com
superduper.sgospel.no
trial.subtlemedical.com
suprauth.com
asvf.t3i.fr
tekacs.com
ekartapp.tindasolutions.com
www.tingvollsalmonfishing.com
tlstargets.com
www.tonl.co
torkke.com.mx
conductores.traslada.com.ar
www.valentinelys.art
zapdireto.app
Other domains in certificate