Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=mashfai.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 08, 2025
Valid Until
March 08, 2026
57 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
BF:8E:88:11:A0:F5:EA:27:83:D4:E7:C6:3F:BA:09:B5:77:06:44:F6:03:AD:6A:24:F8:79:28:6D:66:51:23:F3
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
brandora.mx
3670931.xyz
web.aiblend.co
www.akashaher.com
analog.pk
www.analog.pk
theni.anbudroptaxi.com
andrejonasson.com
www.apnatechteam.com
www.appclienti.it
aniemeyer.appshare.com.br
www.armstrongaftercareservices.co.uk
app.badbunny.meme
www.bombastduo.com
www.capoeira-madrid.com
casemodify.com
admin.castle-auction.com
www.admin.castle-auction.com
cheminventory.net
aura-designer-us.cloudanvil.net
inforsys.co.id
deltacooling.co.ke
www.farajapest.co.ke
www.madhusudhanpathak.com.np
flvto.com.tr
www.sustancias.marn.ct.gt
cybercodeonline.com
www.digitalsupply.ai
echalecanela.com
ecomsheni.site
demo.edcliente.com.br
www.fauzdar1.com
soporte.featuring.cl
fortbuy.net
www.fortbuy.net
fotografosdebodas.net
robin.goodylabs.com
gunfist.com
app.habitlink.org
www.herosdogs.be
highwaydroptaxi.com
social.horasis.org
www.inmueblescalli.com
admin.jeremie-lopez.fr
portfolio.jivkokarakashev.dev
www.portfolio.jivkokarakashev.dev
keystonewealth.in
kolvin.com
www.kudo-canada.com
learness.org
admin.demo.vensure.listoglobal.com
www.magneticsaas.com
mainit.app
manvens.com
mashfai.com
www.mashfai.com
mortgagecalcapp.com
www.nelka.jp
www.onzroad.com
premiossadosky.org.ar
plotu.io
avantgarde.portfoliolink.co.za
mentaltests.powermindmetrics.com
mentaltraining.powermindmetrics.com
sportsmatchanalyzer.powermindmetrics.com
www.primestaffing.ca
staging.adams.ptg-in-a-box.com
staging.odyssey.ptg-in-a-box.com
nadal.puceduca.cat
www.pysparkisrad.com
bq.quadra5.com
queencityresumes.com
www.queencityresumes.com
app.rancherplus.es
www.ronaldvanbeek.nl
rotractclubofsrcas.in
rppl.life
www.rsinnotech.com
www.saasmagnetic.com
www.saasmagnetico.com
simple-care.com.au
soup.soupforever.com
spectrum-estate.com
sulthanauliya.com
xvjuliamaria.swanmoments.net
synaptive.ai
team3646.com
techcygnus.com
tgsrealestate.com
thumbstat.com
traincms.com
tranquilinho.com
www.turunlentoasema.fi
vizcachawines.com.ar
vocalcoords.com
wattville.co.za
www.wifesboyfriend.com
www.wrestling.com.br
auth.staffstudy.yourfullpotential.shop
zsigmondildiko.hu
Other domains in certificate