Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=demo.bi.garoma.de
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 08, 2025
Valid Until
January 06, 2026
59 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
5D:DD:06:54:4A:85:B9:38:4D:E1:0E:C3:27:4B:F6:CA:73:9D:09:C2:50:4F:2E:3B:1A:40:CE:09:F0:FE:90:15
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
evang9.wien
www.333sanmishopping.com
admin.4komabu.com
reservoir.acecap.com
www.agroeira.pt
ajaddons.com
alexdev.se
anatomiakrakow.pl
anydayllc.com
demo-aspen.appkitpro.com
vms.apprise.be
aravindhan.in
archipelmarket.com
ashutoshkrbhargava.com
walmarthealth-next.braid.health
c1nservices.com
chopserve-pos.alpha.captainfresh.com
cd-bm.biz
demo.climbnow.io
ceo.cloudlogics.dev
codefrenzy.in
www.colecta.app
vxchange.com.ph
www.darline.com.sa
enescan.com.tr
simersoft.com.tr
confeccionesmaures.cl
countrystatecity.xyz
www.cwkc.org
davidcobbina.com
www.dharoma.in
resto.dihola.uy
mcq.duocsaigon.com
ebrs.ca
eveningjobs.uk
flirtz.com.au
demo.bi.garoma.de
gentry-plainsboro.com
portal.ghostline.xyz
happy-camper.ca
hasitha.co.uk
hengstenberg.biz
hotdesk.ai
users-dev.hotwax.io
housedeathwedding.com
conduongdisanmientrung.id.vn
partners-intg.infusiontest.com
roomblush-prod.innotactsoftware.com
testportal.inovajuris.com.br
cocheseguroclubpremier.inter.mx
advisor-kpl-stage-7.ischoolconnect.com
www.ivannnicole.com
www.kalewi.de
lazyheroez.kro.kr
kuyentrekking.com
cp.kw550.com
creator-beta.lifo.ai
app.lovecchioag.ch
www.m-powercollective.com
masterguttersusa.com
mateburazer.com
www.michaeldonahue.com
svenskamaklarhuset.demo.movello.se
movitsport.nl
multiarena.com.br
www.myneuronest.com.au
neon-arc.com
newsengine.ai
nightjobs.uk
admin.nuvocliniq.in
adminy.octaos.com
of-the-mathematics.app
www.oldrussiancoins.com
gurukultechvidya.org.in
pacificdatajaya.com
order-at-table.keflavik.ltr.paymytable.com
politrend.ca
app.pulsekittens.io
scribe.rahulmahajan.dev
raido.cl
llc.robomagi.com
sanaruttu.fi
searchnear.net
www.semprealertajardinagem.com.br
sorrell.dev
bullsqrscan.sqwadhq.com
www.stareasthealth.com
gabriel.stockers.app
about.takein.com
my-02.staging.ternary.app
gyrotonic-bilbao.timp.io
mjdb.tochiji.dev
www.tothstonedesign.hu
vip.vetzen.fr
viewthenumbers.com
virtualcatmachines.com
waestudio.me
www.warrenlotasgift.com
auth.waveassist.io
webcasa.app
Other domains in certificate