Open
Cached
·
just now
78/100
SECURITY SCORE
Certificate Information
Subject
CN=staging.orinoqo.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 21, 2025
Valid Until
February 19, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
75:C3:58:E0:9C:A2:DB:3E:5F:BE:3C:15:0E:DA:4D:0A:5B:79:AC:4E:D7:6C:3E:2D:A6:14:37:71:84:6C:4E:08
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Weak
require-trusted-types-for; report-uri; object-src; +3 more
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-W8Fp60Ej5fRxelSvffz47Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self'
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Significantly strengthen CSP directives
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
auth.onext.gr
aliarsen.com
alonso-samper.com
api.apijuridica.com.br
appdeco.ca
appwow.co
zone.assignmentsage.com
www.atrugo.com
awright.me
ncc.beebox.vn
beliantech.com
bencaing.com
benjamin-morelle.fr
bepublic.online
www.buildtracker.io
cartman.dev
www.charmxr.app
auth.churchrooms.com
auth.cleancult.com
clevernet.app
workwith.co.il
ronakcorporation.co.in
gebzelalebahcesianaokulu.com.tr
staging.bynder-connect-platform.dataggo.com
dashboard.beta.self.dinii.jp
friends.dzouka.com
staging.patient.ekonsultaclinic.ph
asana-partners.ele.vc
elemantistechsolutions.io
ellagal.com
get.everbloom.app
finesseology.com
fintwit.ai
www.gaassau.com
skycast.gallichan.app
www.gateway-71.com
gerverscop.nl
www.gsvrisk.info
halaeats.com
halsovis.se
www.harajuku.wtf
www.hitest.ca
www.humancloud.xyz
icfsouthampton.org
issifi.com
jeets.app
joeystudios.ca
deep-link.justsimple.finance
app.kadmik.in
downloads.launchpad.promo
www.liewi.it
lizhuli.de
lynns.me
www.mariabiquineira.com.br
tutorial.meander.media
kuran.mek.app
memstate.io
quiz.dev.merlo.cloud
www.miturl.com
dancehub.mshguru.com
mylittlehero.am
viewcor.netradar.com
nexusongrand.com
o-p-e-n.com
staging.orinoqo.com
www.ratesrecaps.com
redbrookcreations.com
www.reiche.dev
app.roble.eco
www.ruhland-kallenborn.de
sahibolamr.com
www.schockportal.nl
scoldtime.org
www.scoldtime.org
seanfinnan.com
shipshapecoastalinteriors.com
order.simpleservice.app
stephenwomack.com
admissions.stjosephsgroup.org
stsdeliverysolutions.ca
sudameriaviajes.com
tool.talkwithguru.com
www.tavolarasportingclub.it
www.taylorpiccarreto.com
technotriumph.app
tekotattoo.com
appdev.teletec-tis.com
theismengineering.com
sales.thespire.co.nz
trevorbolton.dev
tripbuddys.in
ethraffle.udayvmenon.dev
auth.thrive.uk.com
auth.videozen.ai
www.vigory.app
www.voidmonkstudio.com
staging.walk-for-alpha1.com
www.smarthome.wasdlabs.com
www.waseet.store
zenvy.design
Other domains in certificate