Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=ptfirebase-c2.moboreader.net
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 18, 2025
Valid Until
January 16, 2026
68 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A6:90:37:13:62:9E:D6:39:BA:9B:6B:6C:B8:D1:D7:60:7D:C4:CA:F4:D6:55:50:42:71:FD:7F:55:7E:0A:23:BD
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
eternalhopejewelry.com
3warsbattleroyale.app
www.absdispatch.info
app.actual.works
ksp-liff-app.agreco.tech
aiflowmate.com
aireotechworld.com
drawy.alcedogames.com
alexandertsema.com
alexandrutotolici.com
langues-officielles-2016.anagraph.io
crabi-cronos.aseguradoradigital.com.mx
astroamarohn.com
www.benediktevippeextensions.no
qm.careers.bondvet.com
links.brad.team
amigo3.brinias.eu
bucksbork.com
campechebr.com
app.cappitan.org
my.chaostointention.com
chrisxu.wtf
admin.clia.ca
www.mystory.pintech.co.ke
www.bikramkoju.com.np
www.commentbox.io
cubog.co
demo.dev.d21s.com
etsy.dazl.studio
www.deoderize.me
devfest.ch
portal.displayhub.io
dzoba.com
foorize.eliudarudo.com
savings-app.eliudarudo.com
app.etamn.care
eurekamps.com
staging.expedibike.com
www.fimark-rdc.com
findrop.app
fondalosrosales.com
auth.eu.formapprovals.com
www.freeaty.com
www.garyfreund.com
gitflow.app
test.groceries-list.com
test.heavenya.com
vitamotus.icvr.io
thaiminh202416568.id.vn
www.iisht.in
dma.ixitxachitls.net
justinzhao.ca
kiminonaha.net
www.komehyo-buyers-aiapp.com
lakeandlandhomes.com
latrattoria.pizza
www.letswok.gr
lingshuangkong.com
nimda-2.love4succulents.com
research.atlas-apps.mit.edu
ptfirebase-c2.moboreader.net
beta.molnfastigheter.se
vastkuststiftelsen-beta.molnfastigheter.se
monk-soft.com
links.newprotec-dz.com
admin.oaksociety.co.za
www.onlydev.co.za
eve.ggmaeul.or.kr
admin.payke.okinawa
www.quero.pedidorapido.app
peterzjiang.com
app.pixapup.com
kologkomfur.reepco.dk
www.rounakjha.in
wycombe.scouthub.app
www.snecompany.com
www.snoopdao.xyz
office-staging.sovoro.kr
admin.spielo.app
www.starpot.in
dreamyjewel.mg.synkgames.com
www.themindflex.in
www.triplebrainsolutions.co.za
zeus.turnosweb.app
www.valoriaconsulting.ma
app.ver.video
visinema.co
www.vivacy-academy.com
focoapp.vpqlabs.com
preprod.walkinwallet.com
www.backstage.wallas.world
www.websodyhk.com
modern.labandera.wizher.com
wordsquared.xyz
www.222.bike
wynyardbodycare.com.au
d.xmed.uz
www.xroad.app
yobot.co.nz
zaccaroyachtdesign.com
Other domains in certificate