Security Score: 76/100
Certificate Information
Subject: CN=heritagecapital.ltd
Issuer: C=US, O=Let's Encrypt, CN=R12
Valid From: February 25, 2026
Valid Until: May 26, 2026 (88 days)
Public Key: RSA, 4096 bit (Strong)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: E9:AB:F6:89:BF:0D:C8:75:08:6B:BE:22:98:91:86:F9:8B:EC:D5:32:75:3C:16:CD:96:E6:D7:20:C5:40:34:05
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (Status)
Strict-Transport-Security: Missing (Not configured)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Add Strict-Transport-Security header with max-age of at least 1 year
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
75 domains