Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=open.digidentity-staging.eu
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 27, 2025
Valid Until
February 25, 2026
84 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
83:FE:4E:81:37:4B:86:60:B2:D9:AC:CD:C0:76:6F:61:AB:AC:0B:FD:87:CB:B8:99:15:38:ED:AF:2A:95:CB:00
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
dev.thetoucan.app
hht-unitconfigurator.3dcloud.io
www.abjlabs.com
adriyflortehaceniramdq.com.ar
portal.aidin.health
docs.thecsas.algo-artis.ai
allipgroup.com
www.annaskuratova.com
cao-sabic.appdashboard.nl
hojecosmetics.appshare.com.br
water.metrics.asani.io
www.augmentedally.com
manager.bit-fog.com
friendlychat.boosterbyte.com.br
dashboard.castodian.com
venue-qa.chowin.co.za
www.clinix.co.in
codejocks.in
www.cometexas.org
coreztech.in
coronareadymix.com
cottonwoodcreek.tv
dajuride.in
datacode.com.ar
app-dofa.devpea.com
open.digidentity-staging.eu
ekifus.com
ems-partner.ch
www.erikdyrrflooring.com
www.estudioantartida.ar
bist.fistweapon.net
barbolin.foodle.su
link.gapo.vn
my.gemsnotes.app
gr8gen.org
prd.ps.hacci.live
huseyinemirdag.online
i-con.space
vthon-class.io.vn
utyupin.is-cool.dev
www.juicyballs.at
3d.katkus.eu
kmsprofessionals.in
auth.lazyladle.com
test.locationinventory.info
lodt.net
ai.lotusfa.com
www.luna-games.net
www.megahit.net
www.migiude.org
assessment.mindsethealth.com
view.modelcreate.com
www.modulardesign.homes
mohammadkhodadadi.com
new.mohri.net
admin.mojaid.com
moke.tw
moonfestlive.com
mrcarpenters.com
warehouse.mylabnutrition.net
oa.mynt.in
n-abled.ca
uat.networthtracker.in
auth.nollie.ai
norulesjustfeels.com
www.noweapon.earth
nordlandbetong.ordreplan.no
brand-ambassador.packleashes.com
www.patinacville.com
payrollng.com
invite.plato.app
www.poshsocks.in
brewyourownstarbucks.posible.in
proderecho.com.mx
boo.pushstart.com.br
www.aj.reedit.au
www.rentataxi.co.za
api.risendevices.com
roadwarriorsvolleyball.org
www.ronghwa.info
samsite.io
sb.savageminds.com
schiessles.com
sorteioamigosecretoapp.com
www.ss-hms.com
nsh.steara.com
sukolcr.es
www.thrill.fr
link.usenobi.com
vault-portal.com
veriandy.es
tce.staging.cloud.vermill.io
www.vosa-rock.cz
mojo.vudu.tech
weforsea-besomming.com
criisp-preview.wholesaleinvestor.com.au
womenincopernicus.eu
music.wutmanintu.me
zeaeye-development.zeaeye.com
wordscrush.zytoona.com
Other domains in certificate