Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=auth.staging.cosmeb.com
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
December 01, 2025
Valid Until
March 01, 2026
47 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A5:74:E7:CC:8F:33:5E:3E:01:BB:F7:F5:7D:C7:BB:C0:4E:F4:F9:50:C9:08:08:C6:75:D5:19:72:97:B6:24:5C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
cloud.laoshi.io
alecmichels.online
kickstarter.beryl.cc
www.brujotesco.xyz
tarugo.carto.io
www.categorly.com
staging-mobilecms.cbssports.com
firebase.sustainable.co.ke
championsleague.sydatech.com.ng
auth.staging.cosmeb.com
curiousacademy.fr
legacy.denman.xyz
www.dentolink.com
directdone.com
rlog.dnjw.com
www.dogquirk.com
www.donahub.com
www.eastwestpropertygroup.com
the-questionables.ebabel.eu
nominations.eciitk.com
electroseguridaddigital.com
emirguvenni.com
link.ensaturno.com
www.ensaturno.com
distance.entrancezone.com
jee-rank.entrancezone.com
www.espaciovidaysalud.com
www.ethiochinet.com
wolf.eu.com
cnpj.dev.shelf.evtit.com
ocr.dev.shelf.evtit.com
www.exobreach.com
admin.fawlts.com
www.fieldofclouds.com
tooling.finarkein.com
fractalfits.com
freshtoursandtravels.com
friday2saturday.com
furkantunali.com
geomarsgroupltd.com
app.guidingember.com
www.hydrocawach.com
iapkit.com
kangarli.com
eacourse.kcglobed.com
admin.kornpropiedades.com.ar
roi.trainer.lifefitness.com
linktradr.com
www.lululaundry.com
mandcautocare.com
mercadophone.com
mileiclicker.online
muhammadrazi.com
sms.nextpointe.net
nu-bright.com
www.nu-bright.com
www.omplatform.cz
bhavna.org.in
oscargpdev.tech
padretiago.com.br
www.pdwtchemicals.com
plasticstra.ws
www.playbosspoker.com
prioritydashboard.com
dialer.beta.development.qlu.ai
qtapjo.com
widgets.quinv.io
www.rawaalhethab.com
rlinformaticapc.com
www.rlinformaticapc.com
robindesarcy.com
connect-ng-asset-management.rxoconnectdevint.rxo.com
connect-ng-carrier-recurring-lane.rxoconnectdevint.rxo.com
connect-ng-registration.rxoconnectdevint.rxo.com
www.sebcayet.fr
sekolahmutiarasunnah.com
admin.servitax.ca
portail.servitax.ca
shubhrishta.com
app.sintoga.com
driv.softutopic.com
miner.soturimedia.in
www.speedzy.shop
taikadevstudios.com
auth.telov.app
client-staging.thebrighttutors.com.au
live.trend.io
content.useinedit.com
staging.useinedit.com
comercio.venttys.com
app.virgally.com
www.wifipublicitario.com
static.xanum.mx
www.xn--berlebenmitklopapier-oec.de
xn--bootprfung-feb.de
particulier.xn--hier-jra.com
www.xn--lnen-qoa.se
xn--re100-og6un08dexf.com
xn--tournesdesproducteurs-f5b.com
xn--wxama.com
Other domains in certificate