Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=links.kriptomat.io
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 15, 2025
Valid Until
March 15, 2026
61 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
77:50:19:4D:94:C3:30:11:5A:6E:8C:7A:F5:AB:36:6E:13:8A:A0:0F:3E:71:72:9B:9C:C0:FA:1B:4F:81:2C:CD
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
script-src; object-src; base-uri; +3 more
script-src 'report-sample' 'nonce-mzwrmFrhCnu5TItO8TqG1g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
d.youpay.digital
admin.agileai.university
webapp.apprito.com
amerikanskagymnasiet.frescati.kayakomat.aquayak.se
dev.atrium.market
www.aulasdesurfemjoaopessoa.com.br
badlabs.co
conta.ballesta.com.ar
bugunsongun.com
fitness.cafemomiji.com
calmwithmoney.com
cocol.tokyo
rjdesign.com.tw
projectone.dost1.ph
www.dwightworley.me
judge.engineeringawards.ie
engo.space
envisionwc.com
www.esrsolutions.net
dev.fabhand.co.uk
www.fedrigo.com
findeckapp.com
fitnessmatch.au
app.frugl.money
gamenightcollective.com.au
garzonqr.com
gen2wealth.uk
getworkplan.io
giuliamarulli.it
gss.support
hassaan.uk
healai.care
covid19.herats.dev
movielibrary.holdenclark.com
humancloud.xyz
www.hyperbeam.studio
minhcuongmth.id.vn
theory.idoz.dev
www.iglesialavictoria.org
investesolar.com.br
trial.iolite.software
app.irisyo.com
www.jarjestysmiehet.fi
joshtillo.ca
kennedyai.us
kinepraktijkzoersel.be
www.kktoursandtravel.in
klaia.org
www.kreamice.com
links.kriptomat.io
www.magik.studio
emp.one.mayaholdportal.com
emp.two.mayaholdportal.com
logistic.mbmint.com
swipebrickbreaker.metacrew.vn
www.metalurgicaemsalvador.com.br
helsingborgshem.demo.movello.se
myphammoclan.vn
map.neurals.world
www.noleggy.com
nuhacorp.com
www.nyeri.es
ofipark.space
ourworldimpact.com
en.palacio.cz
perfectlife.app
www.perfectlife.app
fussell.portfoliolink.co.za
entrant.procurementawards.ie
proteinballer.com
www.qouta.id
qwilo.ai
rleeportfolio.com
www.rmanubolu.in
second-brain.online
www.selstan.com
sentinelfirm.us
sentinellegal.us
serviciosfelinos.com
speakeasy.fan
tennis.sportsconnector.com
statslabtech.com
dev.stunning.studio
szuliq.dev
thesaranghaestudio.com
inhalte.trick17.it
www.trivia.wang
trymockingbird.com
umapalavra.org
unitechiesolutions.com
www.v8app.com.br
venlisto.com
www.waterloo4h.ca
weihan.autos
www.weihan.autos
africa.wfrs.rest
www.wiseminer.com
y-ssj.org
www.yogatraya.com
stage.zenya.com.mx
Other domains in certificate