Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=reflektera.bulbsort.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 14, 2025
Valid Until
March 14, 2026
50 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
E7:5B:DF:12:2F:7C:DD:78:D5:29:76:CB:BA:CC:06:57:D0:33:B0:5C:B1:2C:C2:A5:C8:B6:66:91:B8:E5:C9:A0
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
clearvision.co.tz
adego.kr
alexandernewton.page
alingu.com
anonymouslyfeedback.com
faepenmt.pops.app.br
fyl.app.br
www.arcotecharchitects.com
www.autonomous.ro
www.axess.clinic
blendconsult.co.za
reflektera.bulbsort.com
bydoctors.com.br
calismatik.app
cdmvision.dev
links-fb.centralo.com.ar
sapthaham.chinnajeeyar.org
taiapps.cliptv.vn
dayun.bikers.co.ke
1982.co.kr
laboratorio.sanatorioadventista.com.py
countupfinancial.pro
courtoftheknee.com
cristianarroyo.dev
applink.dainiktribuneonline.com
dasmobile.online
deci.plus
deeplink.delycate.com
cema.docugen.com
www.enumacr.com
portal.expopay.se
fafnir.dev
fjuul.com
mcp.freshfilter.com
www.frinksmovement.com
gesundheitszentrum-hollabrunn.at
gordanita.com
tool.grapes.systems
www.haha-not-so-much.com
heirloomharverstcmr.com
higherstandardsautorepair.com
iquizpro.com
www.izen.fun
izibola.app
app.jettsender.com
backoffice-stg.joppy.me
app.stockingup.kingofdog.de
www.kjvelarde.com
kudosone.com
event-registration.le-vel.com
www.leasubrenat.com
letsgetwellacupuncture.com
restaurant-management.lifewcode.com
luminarlab.com
lvisjoberg.fi
macaco.cloud
mariiasmyk.com
www.mathlove.us
www.mente.app
minicadia.com
mohitparora.com
app.mou.digital
mzeeky.com
www.neilarora.in
app.staging.newt.so
newtonxr.com
www.npw.lt
i.o2o.vn
onepotpony.com
chennai.onewaydroptaxi.net
orsoverde.com
osnod.com
www.patchi.dev
links.platenger.com
admin.pontofacemark.com.br
app.pontofacemark.com.br
premierfc.com.br
manage2.rentadvisor.com
kniha.revirkapusany.sk
cloud-tools.roperetail.com
connect-ng-carrier-bids.rxoconnectuat.rxo.com
www.skycoderz.com
skymeyer.be
smarthomecompared.com
l.starti.app
takukai.co.nz
taloscore.com
teamos.co
admin.photo.thai.run
thekingsmuseum.info
fortuna.ubobu.cz
testcloud2.ufg.co.nz
www.ukrainiansunited.org
admin.volksleads.com.br
walllly.com
werkbyte.com
fieo.prototype.wigohtech.com
www.yourexclusivebuild.co.uk
yutakaintertrade.com
www.zukunftsmuseen.de
Other domains in certificate