Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=rdfmexpress.pampa.com.br
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 10, 2025
Valid Until
January 08, 2026
56 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
1A:7C:B4:DC:25:9B:C4:3F:6A:70:57:FA:6B:B8:6D:7E:45:E8:2B:D0:3C:47:E6:DE:F0:33:33:36:6E:D7:18:99
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
davidprae.io
allsteel-kongfigurator-test.3dcloud.io
627coder.com
login.aginidhi.com
alitoyou.com
www.andrewjte.com
applegath.dev
gruporodriguez.appshare.com.br
test.atacana.it
order.atithifoods.in
ayangdesigns.com
becreative.hu
www.belovance.com
bibliotecafttr.it
invoices.bitalpha.com
bleedingedge.ca
preview.boel.co.jp
byteinfy.com
koncat.cacko.net
app-07.dev.carto.com
aramark.cateringportal.io
ckko.in
app.deckdeckgo.com
divisetsolutions.com
app.doorguard.io
gramopool.duoward.com
epet16-rdls.edu.ar
exmera.se
fluttership.io
kiosk.fotoatm.com
calculator.frc4322.com
portal.fyclabs.com
ruta-sostenible.glombardo.xyz
havenspaces.co
higgsdechirenoscontrats.ca
cv.hoko.xyz
www.iccms2025.in
fitness2u.impactwrap.com
bayu.klikada.com
abglp-dev.client.knoxpo.com
lionsbballclub.org
liquidskylines.city
www.m3u.link
mais.codes
marathigames.in
marcusdev.net
markkurcz.com
www.masonwoodbury.co.uk
www.memeize.me
mememiner.net
milkjug.io
colegios.mision.education
misskey-loginbonus.info
test-app.mobilyaka.com
www.moncapiten.com
elf.nargil.net
ndhdp.lk
nox.gallery
consulta.oechsle.pe
api-docs.onsmartpath.com
rdfmexpress.pampa.com.br
admin.parmazip.com
poker-toolkit.com
admin.projectpulse.in
quikweek.com
monoui-storybook.recordunion.com
resoluteassetmanagement.gr
www.restaurant-bali.de
safarilords.com
sagradafamilia-sancarlos.com
stage.sectorswithoutnumber.com
www.stage.showboat.app
firebase.sivla.top
tv.smartlinepro.com.br
myclass.snet.me
softwave.pl
www.southcentralcasa.org
spaceresx.com
splixcube.com
squillariasesores.com
check.sterin.dev
l.storicard.com
stripbystrip.com
admin.suicidepreventionapp.com
app.tailstreet.com
teckvibes.com
fall-stage.telehearportal.com
teresaandjamel.com
floaters.therestinmotion.com
timesmeter.com
trevorselby.com
alex.turborad.com
fl.api.usp.center
dev.accounts.vezham.com
vilesport.no
wildernesscottage.co.nz
deeplink.womenworks.io
yoditexp.com
www.yourbriefly.com
link.zones.city
Other domains in certificate