Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=bistronarohuml.cz
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 20, 2025
Valid Until
January 18, 2026
57 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
EF:64:76:E2:72:48:C6:D6:39:6F:93:0C:21:E0:FB:10:45:79:1A:FC:62:CA:6B:02:C3:F5:F3:66:46:77:F7:8C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
diigoo.com
banogovinda.aimcomely.com
www.alexandercarpenter.dev
www.alliumlabs.dev
arvinasghari.dev
www.audiovisualeducativo.com.br
bistronarohuml.cz
go.brmodels.love
indiqueeganhe.catagua.com.br
www.cirurgiamao.com
servitzhome-freight-dev.fritz.co.il
missiondairy-staging.grobox.co.ke
dev.kraftmusic.co.kr
www.jisponge.co.kr
dev.crystalvisitor.com
dagmn.ro
danielpatnode.me
darkanita.dev
game.deep.institute
denvertech.co
www.donjon.dev
www.duba.hu
x655bd6.easyapp.co
www.eliasmurcray.me
www.enoram.com
www.entrestudio.eu
www.funrewards.com
www.gadzetspro.com
staging.dashboard.getscratch.com
store.hamzappsredirect.store
www.hephaestusonline.com
heyimages.blog
hgeengineering.com
link.hype.it
icomuae.com
iglesiarestauracionfamiliar.org
auth.nft.igrek.biz
kruart.in.th
omo.isuzu-tis.com
sra-online.ivlivs.dev
jackbanta.fun
www.jamesmwallacejr.com
admin.jedybo.com
www.kaungyang.com
kraftcreativestudio.com
storybook.letsemjoy.com
www.linneastrid.com
matchsetpoint.co.za
matintravels.com
medicalwisdom.in
reports.mhlindia.com
app.mrassessorias.com.br
www.n2osoftware.com
www.nafayis.com
navalex.net
mustkeem.nextechvision.in
together.nthn.io
www.nudgd.com
test.ortizbros.com
www.ostryx.com
paginadomilhao.com
secure.perseus.com.br
www.physialys.fr
preview.pilot-security.com
www.pix.email
galwaycompanies.portal.plenadata.com
admin.prairieblossomnursery.com
sales.rabbito.social
shipcube.rabot.us
bangalore.rainbowsdroptaxi.com
play.rcsnail.com
www.reelpicker.com
www.rozgars.com
www.selibresound.com
census.sensus.cloud
open.simplr.io
slapshot25.com
www.veletsy.smartdream.tech
solarwijzer.nl
solutionsnotsweeps.org
running-pace.stefanscript.com
stoutoperatingfirm.com
xcov.strategicforge.io
www.swapadoodle.com
theansur.com
sports.theorygenerator.com
timegaptheory.com
timetobook.be
tulisiat.fi
www.twinc3.com
twitchgo.com
clj.live.ninja.usestrive.com
villagesafety.net
voncerts.com
wch-holding.com
oauth-beta.websays.com
yelobus.app
www.yso.tw
finance.zerodotone.in
app.zoila.cl
Other domains in certificate