Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=citi.ir
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 11, 2025
Valid Until
March 11, 2026
74 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
E7:8D:3F:61:C5:F6:64:15:B5:90:CA:6A:5C:B5:A5:A9:8A:76:15:B9:5E:6D:27:D1:F9:66:7E:3E:24:6C:3F:7C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
aijob.in
dev.aijob.in
short.acceptance.beclm.4sh.fr
www.aacbt.de
aisle.ninja
www.amjadoudeh.com
www.anatoliyruss.com
www.ardent-training.com
www.bemorex.agency
bouwkeet.app
bulgamart.com.br
campsolarenergia.com.br
backoffice.cbkids.com.br
app.celutecn.com
centralgovtjobs.com
feedback.checkinn.co
citi.ir
playgo.vonder.co.th
www.codebento.my
www.fastapp.com.ec
www.puntofacil.com.ni
app.metsisbilisim.com.tr
www.compracircular.com
derrq.com
destinexholidays.com
www.destinexholidays.com
www.dimatour.id
disit.in
iamcrafting.dontkry.com
e-x.cc
www.emkkozosseg.hu
famo-kosmetiikka.fi
fashconfessions.com
www.fixcare.kr
focopyme.info
www.gagantransport.com
geeksdobyte.com
www.gewerbe.cloud
globalaviationmaintenance.com
greensolarguru.com
growingpainsbook.com
haganum.net
www.hazelfire.com
www.herbolariosol.es
auth.imberapp.com
www.incadd.com
sankalpacademy2.indiandevelopers.org
app.injecal.com.br
interpretinggroup.com
isitreallyhotinflorida.com
www.iskiuphill.com
app.mycart.jakob-fuss.com
www.jhonland.com
karlmatthes.com
keenanalves.com
khetikalyan.com
kick2cloud.com
kinejennes.be
knowledgeedgeai.com
leetoreum.com
www.lemartva.tech
lemonatibeverage.com
staging.levita.app
likelemba.net
test.lo-beam.com
mapelevations.com
marshalpaterson.com
mathtutordallas.com
megaflooringcontractor.com
www.msassociatess.com
centroscomerciales-onsite.mymoons.mx
planner.mytravelagent.online
sivaganga.onewaydroptaxie.com
outlooknews.org
prettychocolates.in
www.rawdings.com
set.reb.dev
rekoda.app
repperpatterns.com
www.app.reserve-cake.jp
resfood.net
rishtpusht.co
www.satellite-tracking.space
quiz.schoolfaqs.net
www.sound-walker.app
apps.surecash.net
taxiexecutivo.com.br
staging.tayo.pro
www.thep2d.com
app-links.treedom.net
vaibhavarora.net
link-px.vetster.com
app.xcare.rehab
staging.clients.yabawt.net
www.yapbase.com
www.yogisforpeace.life
workbench.yovstudio.com
www.workbench.yovstudio.com
flashchat.yugthapar.com
tot.zenselect.jp
Other domains in certificate