Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.htlw.de
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 24, 2025
Valid Until
March 24, 2026
70 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
C6:50:4D:C5:C1:07:3F:C4:F9:35:6D:42:EF:71:F3:BC:08:C1:D5:1E:1A:99:4B:F1:6C:20:96:1E:C5:11:C3:35
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
dataqtechnologies.com
pocketworlds.12traits.com
upwardrecruiting.3diq.com
activateparty.com
afspianos.com.br
alertahora.com
app.amomed.com
aseemangiras.com
asian-kitchens.com
www.baronacentrs.lv
www.bayboatlife.com
beaucoupb.com
bg-decider.com
app.biasharamakini.com
qa.aggie.bluebackglobal.com
butterfi.com
deposito.cimagrouplatam.com
cjsbc.com
clipboardhistory.app
cmg-consultant.com
codeterp.com
collegemonkey.com
loans.credpal.co
www.criollosbsn.com
admin.detectable.fr
mysql.dev-master.ninja
www.douglasmasho.com
dudejustgo.com
e-doukoukai.com
www.e-onlineservice.com
efoundersclub.com
www.fitpass.link
www.flrt.co
forwardtv.cc
goonetperu.com
fighters.hammer.app
harrisonedwards.dev
www.healthnote.lk
www.hminterio.in
www.htlw.de
iamtaylorroberts.com
iconicstonegallery.com
independentproductions.ca
kolia-olia.invito.link
iplan.to
www.jannik-schwarzwolf.me
team.jaspero.co
jotflo.com
kelle.dk
kysports.top
larkstudio.dev
partner.loanready.today
meten.maklr.nl
scriptures.markangelohernandez.com
martinslopes.com.br
mashakes.com
www.mc-autoglass.com
milaschmidt.de
mybrunoni.ch
myschengen.app
lieferantenwechselfristen.apps.new.de
www.oceandatapool.com
evento-develop.libcom.org.br
otasbtp.fr
ounc.in
myako-scorm.ovdns.co.za
www.pacfordia.com
ayr.planacan.io
chat.pokk.it
propertydeveloper.ai
ramiroscerra.com
vorschau.raumcloud.com
login1.read-pro.com
www.rprashanth.com
portal.rudracrackers.com
sammypreneur.com
plus.shoppercaddie.com
spheon.xyz
statestreetbarbershop.com
strasnicinnovative.com
strya.co
www.sushi.partners
conference.swing.be
links.oriflame.synetech.cz
syntaxsimplified.com
prod.takethepowerback.org
admin-test.teamtelefoon.nl
testme.gg
textablestaging.textable.app
www.thehighfive.network
www.thelesbianproject.net
dev.tivazo.com
prod.training-diary.app
www.trisoft.in
app.upproving.co
vaydaprimadonna.com
www.vizagetec.com.br
www.waitmoi.com
yallatfranks.com
www.zambiee.com.br
Other domains in certificate