Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=contratos.activitas.es
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 27, 2025
Valid Until
February 25, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
C2:02:DE:C4:7F:11:AB:52:FD:14:89:71:9D:B7:D0:6A:B3:5C:B0:50:8C:4C:16:E6:BF:5D:85:DC:F2:98:D5:98
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
carjoky.dev.kwiqsol.com
23am.kr
www.abenojar.net
contratos.activitas.es
aglae-nice.org
akis-tech.com
alessandrocapucci.com
www.apostaninja.pro
pwa.appobra.com.br
ai4simplify.arcodex.net
test.artemis-collier.com
www.axiomatec.ch
bigtinysound.com
anomaly.bitrot.zip
bolichero.app
console.bringoz.com
www.capimora.com
hyundai.carteiracliente.com.br
pay.cartwheelri.org
doc.cognite.com
app.uaf.com.hk
materials.dagmar.fi
dellapietra.net
dilworthtennis.com
www.driftmarketplace.com
url.ahskbera.edu.bd
ep-floriade.nl
www.filoni-wein.ch
www.fondan.co
admin-dev.fuelstreamservices.com
fullmoonstudios.com.au
georgehowdenjazz.co.uk
staging.getjuly.com
www.getlobee.com
login.gogogarden.dk
yamaha-cvm-dev.gospurr.com
gowithsoo.com
www.grabthatspot.com
greenmarinedivers.fo
guitarlessonsbelfast.com
als.iarahealth.com
infinityblocks.in
dev.isport360.com
www.jets24x7.com
airplate.juggle.jp
link.kaly.com
kelbswap.com
koalacademy.com
ksp-kalajoki.fi
aim.kyeoj.net
lambertroudil.com
nonaka-kaikei.lfv.jp
www.lingwen.org
lukenanalytic.com
www.magicjays.com
www.mayolab.co.jp
taxiloyal.megataxi.com
pledge.mentorfirst.org
sprightly.mindba.se
mindthegap.digital
www.mottet.me
x.natesesti.com
nftapas.app
menu.nihotellara.com
novagenome.io
www.otree.pro
www.ottosinvestimentos.com.br
partnerdevelopmentsports.com
phamkhac.com
www.plgodin.dev
azzun.premiumhotel.pl
pragma.qfix.ai
www.quali-sign.com
shoei.randoku-serendipity.com
video-compare.relative-ci.com
www.app.reshapeclub.com
aviva.robertolegorreta.com
www.runloop.com
app.rvpedidos.com.br
santiagogea.com.ar
aurora-belmont.sforzato.xyz
www.shreeaaijihonda.com
auth.ui.soundflow.org
sparkinkgemcraft.com
oilerstrivia.sqwadhq.com
countries.stephengordon.ie
www.sunnypc.tw
survivingthe.city
checkercat.system-neco.com
www.teeqer.ru
www.therealowner.in
www.trendingarcc.com
fbjardin.turnosweb.app
ursoverde.pt
utilee.app
www.vathius.com
wardle.app
yaisana.com
otracker.yectra.com
r.yungppl.com
Other domains in certificate