Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=criticize.in
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
May 13, 2026
Valid Until
August 11, 2026
72 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
D8:9E:11:A0:CC:9E:C6:D1:42:E7:84:02:57:0B:0A:17:4D:4A:15:BB:90:93:C7:BD:39:8F:3C:28:37:27:C1:1B
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
datahead.co
*.datahead.co
*.admin.datahead.co
*.mail.datahead.co
*.mesh.datahead.co
*.psa.datahead.co
*.shop.datahead.co
223888.vip
*.223888.vip
*.svip.223888.vip
785944.lol
*.785944.lol
*.nx5d3y.785944.lol
acquisitionbonds.com
*.acquisitionbonds.com
*.admin.acquisitionbonds.com
*.app.acquisitionbonds.com
*.demo.acquisitionbonds.com
*.hostmaster.acquisitionbonds.com
cansevdim.org
*.cansevdim.org
*.sitemap.cansevdim.org
*.sitemaps.cansevdim.org
canvasartworks.digital
*.canvasartworks.digital
*.kaspi.canvasartworks.digital
*.olx.canvasartworks.digital
criticize.in
*.criticize.in
*.www.criticize.in
*.ax32.duskpay.com
*.ax4.duskpay.com
*.ax5.duskpay.com
*.dbloc2.duskpay.com
duskpay.com
*.duskpay.com
*.www.duskpay.com
gplcharge.com
*.gplcharge.com
*.secure.gplcharge.com
*.store.gplcharge.com
haha303xp.com
*.haha303xp.com
*.www.haha303xp.com
*.exchange.inventcore.com
inventcore.com
*.inventcore.com
*.m.inventcore.com
iskra2012.pl
*.iskra2012.pl
*.ww16.iskra2012.pl
*.home.lave-vaisselle.cc
lave-vaisselle.cc
*.lave-vaisselle.cc
*.mysql.lave-vaisselle.cc
*.secure.lave-vaisselle.cc
*.www.lave-vaisselle.cc
numinfo.pl
*.numinfo.pl
*.ww17.numinfo.pl
*.bi.redbull999k.biz
redbull999k.biz
*.redbull999k.biz
*.wildcardsubdomaintoprocess.redbull999k.biz
rescareus.com
*.rescareus.com
*.ww25.rescareus.com
*.ww38.rescareus.com
*.rds.sitarganj.com
sitarganj.com
*.sitarganj.com
*.www.sitarganj.com
*.ny6di8.urbanpaintspace.com
urbanpaintspace.com
*.urbanpaintspace.com
*.admin.walmartfigt.com
*.users.walmartfigt.com
walmartfigt.com
*.walmartfigt.com
*.ww25.walmartfigt.com
*.jenkins.windy.life
windy.life
*.windy.life
wudi.shop
*.wudi.shop
*.www.wudi.shop
*.api.xn--95q046a9qf.top
*.app.xn--95q046a9qf.top
xn--95q046a9qf.top
*.xn--95q046a9qf.top
Other domains in certificate