Open
Cached
·
just now
76/100
SECURITY SCORE
Certificate Information
Subject
CN=mafou.club
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
November 29, 2025
Valid Until
February 27, 2026
38 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
01:E0:07:49:E9:4C:21:E4:58:55:FC:59:56:A9:51:2D:7D:09:DC:29:57:00:33:15:91:07:C8:0D:CA:A5:C8:CA
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
77 domains
dooltrack.com
*.dooltrack.com
299349b70a.com
*.299349b70a.com
5starsworldwide.store
*.5starsworldwide.store
baseballmenace.com
*.baseballmenace.com
bongdahd1.icu
*.bongdahd1.icu
buythemone.com
*.buythemone.com
calypsosowavy.com
*.calypsosowavy.com
courtpaytinc.com
*.courtpaytinc.com
ddiddit.be
*.ddiddit.be
defsgqcdexqtda.com
*.defsgqcdexqtda.com
deltarune.us
*.deltarune.us
egtqwibcej.com
*.egtqwibcej.com
gardengrown.com.au
*.gardengrown.com.au
gdlmh6seh.com
*.gdlmh6seh.com
gmc-de.com
*.gmc-de.com
h1-obylo4lvoirz.com
*.h1-obylo4lvoirz.com
harriscreditlaw.com
*.harriscreditlaw.com
icanhr.org
*.icanhr.org
jp-films.co
*.jp-films.co
jwcviinfo.com
*.jwcviinfo.com
ktpdev.com
*.ktpdev.com
legashieldexpo.com
*.legashieldexpo.com
lesaubergesdejeunessedesardennes.be
*.lesaubergesdejeunessedesardennes.be
mafou.club
*.mafou.club
*.cms.marcolin.online
*.development.marcolin.online
marcolin.online
*.marcolin.online
*.production.marcolin.online
marriottvacations-worldwide.com
*.marriottvacations-worldwide.com
neuvmmjfyknq.com
*.neuvmmjfyknq.com
newscity.store
*.newscity.store
nhetai.website
*.nhetai.website
nortec.cc
*.nortec.cc
nyorganizing.org
*.nyorganizing.org
quiz-pls.online
*.quiz-pls.online
sapcommissionsondemand.com
*.sapcommissionsondemand.com
shorebreak.com.au
*.shorebreak.com.au
valleyvnsehealth.org
*.valleyvnsehealth.org
weitenoffice.com
*.weitenoffice.com
xxvwrstylqcl.com
*.xxvwrstylqcl.com
Other domains in certificate