Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=goodgroupfinancial.org
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
February 05, 2026
Valid Until
May 06, 2026
74 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
93:62:6A:09:35:DF:0A:BC:7A:1C:95:94:DD:32:D4:A3:5E:FD:45:42:B2:E0:B4:81:DD:F8:BB:B9:15:A4:C2:63
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
esdir.com
*.esdir.com
*.random.esdir.com
*.ww38.esdir.com
38656.vip
*.38656.vip
*.m.38656.vip
actualizaciondocente.site
*.actualizaciondocente.site
*.aula.actualizaciondocente.site
*.registro.actualizaciondocente.site
adventuroustraveljourney.xyz
*.adventuroustraveljourney.xyz
*.kwid9.adventuroustraveljourney.xyz
calcio-blog.it
*.calcio-blog.it
*.mymail.calcio-blog.it
diforma.com
*.diforma.com
*.mail.diforma.com
*.remoteaccess.diforma.com
goodgroupfinancial.org
*.goodgroupfinancial.org
*.my.goodgroupfinancial.org
hmanga4.xyz
*.hmanga4.xyz
*.m.hmanga4.xyz
kristyk.org
*.kristyk.org
*.contents.marcas.com
marcas.com
*.marcas.com
*.social.marcas.com
*.top.marcas.com
mustashar.me
*.mustashar.me
roofingcompanies.best
*.roofingcompanies.best
*.shop.roofingcompanies.best
*.blog.verifiedbetter.com
*.qa.verifiedbetter.com
*.remote.verifiedbetter.com
verifiedbetter.com
*.verifiedbetter.com
*.accounts.walmart6.vip
*.administrator.walmart6.vip
*.airflow.walmart6.vip
*.alpha.walmart6.vip
*.api.walmart6.vip
*.app.walmart6.vip
*.argo.walmart6.vip
*.backups.walmart6.vip
*.beta-superset.walmart6.vip
*.blackboard.walmart6.vip
*.cam.walmart6.vip
*.catalogue.walmart6.vip
*.chat.walmart6.vip
*.demo.walmart6.vip
*.random.walmart6.vip
*.sitemap.walmart6.vip
*.sitemaps.walmart6.vip
*.trx.walmart6.vip
*.tz.walmart6.vip
walmart6.vip
*.walmart6.vip
*.ww01.walmart6.vip
*.ww25.walmart6.vip
*.www.walmart6.vip
*.4gw.warno-game.com
*.bupeestv.warno-game.com
warno-game.com
*.warno-game.com
*.kwid9.xn--6iqw1t9xb76ki5hoxby9b.xyz
xn--6iqw1t9xb76ki5hoxby9b.xyz
*.xn--6iqw1t9xb76ki5hoxby9b.xyz
*.kwid9.xn--9kqw7oa341dp63c.xyz
xn--9kqw7oa341dp63c.xyz
*.xn--9kqw7oa341dp63c.xyz
*.kwid9.xn--9kqy4sf2at80brt9b.xyz
xn--9kqy4sf2at80brt9b.xyz
*.xn--9kqy4sf2at80brt9b.xyz
*.kwid9.xn--ioru3fc2t9s3b.xyz
xn--ioru3fc2t9s3b.xyz
*.xn--ioru3fc2t9s3b.xyz
*.me.ybox.cc
*.vip.ybox.cc
*.ww25.ybox.cc
*.ww38.ybox.cc
ybox.cc
*.ybox.cc
Other domains in certificate