Security Score: 80/100
Certificate Information
Subject: CN=api.ngaymaidamcuoi.com
Issuer: C=US, O=Let's Encrypt, CN=R13
Valid From: December 04, 2025
Valid Until: March 04, 2026 (46 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: A6:D8:2E:41:35:13:3F:BC:64:2B:A8:D0:25:8D:CF:23:41:C4:36:CF:E0:AF:48:5D:A7:31:F1:06:0D:2C:58:44
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Strict-Transport-Security: Present (max-age=31556926)
Content-Security-Policy: Missing (Not configured)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Configured (Restricts certificate issuance)
Current Issuer: Authorized (Matches CAA policy)
Authorized CAs
Wildcard CAs
Recommendations
- Consider using critical flag (flags=128) for stricter CAA enforcement
- You have authorized 6 CAs - consider limiting to only the CAs you actively use
- Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
100 domains
Other domains in certificate