Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.opti-leak.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
January 09, 2026
Valid Until
April 09, 2026
84 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
71:AE:18:A4:D1:54:9D:21:E5:D1:D0:BD:63:C9:43:50:C6:74:A9:A6:1B:14:0D:7D:E8:E9:87:AB:54:01:46:D9
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
chanieme.com
31776.shop
admesh.cloud
portal.aerialcanvas.com
www.agm-vote.com
www.ajaymalekar.com
artifxstudio.com
auth.beta.finantare.asociatia-g2.ro
astrasoftcr.com
autoexpertindiacompany.com
balloonifyiq.com
bpt3d.com
www.brive.earth
worldclockcovert.buggasoftware.com
cafedusoir.fr
signer.caisias.com
carolinademarque.com.br
stage.admin.carteiracliente.com.br
harshitajain.co.in
go.staging.relaxgo.com.hk
certificate-b2c.csspl.info
news-portal.csspl.info
damnedbytime.com
www.damnedbytime.com
detma.cl
dhamakadeal.in
www.diananossa.com
eagbcorp.com
fak10.app
findmybyoli.in
www.fitinsights.net
yellow-cab-chi-operator-demo1.us1.fleet-dev.com
www.fluviu.com
marketing.gates.services
gogia.co
child-tracker.gooddevelopment.studio
pay.sandbox.wpay3.gr4vy.app
happydine.de
dptrong17051.id.vn
shopbanhangcanhan.id.vn
www.isponser.co.uk
marin-county.clients.joinpromise.com
presentation-interactive-en.kernels-analysis.eu
kooply.builders
manacredit.co.uk
spiceapp.materikab.com
admin.dev.mdovisio.com.br
mikrozajm.su
www.mikrozajm.su
prod.milestonemap.org
www.musclemate.nl
www.mygece.com
narilistens.app
neonframeworks.com
mpro.nos.pt
fphs.obsidianpma.org
www.opti-leak.com
app.optimmo-energies.com
www.padmadharastructures.com
pizzabox.ltd
www.plusound.com
portugalcarassauga.ca
projectshub.xyz
qpredicta.com
rhythmmedia.in
romb.me
leves.rtlink.com.br
www.sandbox.works
sangeetaenterprises.icu
saudekangenbrasil.com.br
schmittstudios.co
townhall.sentinelcolorado.com
www.shibuya.nl
shieldbee.app
www.sirwilliamsnaturals.com
snkengg.com
soccerstar.agency
akio-app.speakylink.com
qa1.spext.co
www.sportellimatteodev.it
www.spotifypartyti.me
the-modern-dater.com
www.therapruler.com
log.thergic.ar
timhochstrasser.ch
text-count.services.tokyo-scaler.com
toverlap.com
trackyourpots.com
tradebuzzing.com
trellixo.com
admin.triploop.com
static.twinplumbing.com
vawahelpcenter.com
vendaslandingpage.com
vision-e-academy.com
wailinfra.com
wherecanigo.info
www.whoami.ca
www.wyattchamberlin.xyz
portal.xendoit.com
Other domains in certificate