Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.calfapp.ca
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
January 21, 2026
Valid Until
April 21, 2026
86 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
EE:EA:DA:7C:1C:30:F5:48:AE:59:DE:99:C4:F7:03:78:BB:81:49:43:69:B7:21:92:00:54:BB:0B:D7:10:C0:90
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
dev.vasware.fi
abbatecalzature.it
aikokidztv.com
www.ailetic.app
alive.partners
aupesbox.com
platform-products.blmbastion.nl
staging.bltn.io
bregjeadvies.nl
caleo.cc
www.calfapp.ca
celestial.page
docs.chatstacker.com
classicshumba.co.zw
cv.codistry.de
cysports.co.uk
link.de-andrade.dev
www.dionz.com
drapii.com
duckfinance.com.br
earkick.com
apeuni.edu.np
fb.events
sin-seminar.filipmiik.cz
fisioterapialapaz.com.mx
www.foinq.com.au
admin.shop.gls-portugal.pt
www.gyanarchitects.com
hidelike.com
www.homebauer.com
www.i2rps.com
tranminhphong.id.vn
www.inoutinspections.com
inumeraveis.com.br
axel.itrood.com
jack-apps.com
jesusmiranda.dev
jimmyhughes.dev
www.jimmyhughes.dev
admin-root.juggle.jp
lc.junipersys.com
admin.kjoks.no
gov.labofcodes.com
www.lenmatech.ca
www.lenmatech.com
listenuppd.com
login.magloft.com
carrier.mealit.com
asyriannight.meander.media
ligas.mision.education
mvseducacion.com
myuniapp.space
afi.nahaus.de
pic-ocservice.mentor.neccton.com
nickbarnard.dev
ng-ponyracer.ninja-squad.com
nobapp.com
www.okoplay.com
pairle.io
palgo.io
peterhase.de
auth.staging.pixhoto.com
postrboard.com
prosegurpay.app
app.psst.se
app.quevera.com
quicklyupdate.co.za
www.radley.finance
firebase.restaurantsupply.com
scheduleteam.com
www.scotthollifield.com
www.sencillogic.com
shikder-tarek.me
handwritten-digits-recognition.sjdonado.com
qatarfoundation.skipcash.com
truestock.smallblueidea.com
caceres.gerenciazap.smartmidiasdigitais.com.br
snuheme.org
dev.soapbox.house
sobre-abstinance.com
www.sowiniec.com
api.spotribe.jp
www.stelluredigital.com
superguzor.com
swisssetter.com
www.tapytapy.com
go.testarchitect.com
the-sibundong.com
info.thenanofactory.com
proxy.theralogik.com
app.staging.trainsweateat.com
twitterwatcher.com
unclebudspeanuts.com
valagan.com
negociacao.viacertabanking.com.br
apsi.vidocto.com
chat-api.vipdesk.com
warrynt.com
wbp-co.com
www.xaverkapeller.com
Other domains in certificate