DNS Gurus
Cached · just now
76/100 SECURITY SCORE

Certificate Information

Subject
CN=fancy.exchange
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
January 31, 2026
Valid Until
May 01, 2026 80 days
Public Key
RSA 4096 bit Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A0:56:AA:27:30:DC:19:82:4B:16:E8:5A:E1:58:F3:16:03:BA:C1:65:44:B1:9F:CE:40:D9:09:94:8D:B1:05:72
Alternative Names
89 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Add Strict-Transport-Security header with max-age of at least 1 year
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains
oxtar.com *.oxtar.com *.blog.oxtar.com

Other domains in certificate

aurora-pay.site *.aurora-pay.site *.voice.aurora-pay.site
cines3.com *.cines3.com *.core1.cines3.com
empowertoolkit.eu *.empowertoolkit.eu *.wildcard.empowertoolkit.eu
fancy.exchange *.fancy.exchange *.shop.fancy.exchange
groupvacationfinders.xyz *.groupvacationfinders.xyz *.qk6fu.groupvacationfinders.xyz
hdfc.life *.hdfc.life *.snapwork.hdfc.life *.ww38.hdfc.life
*.agthl207-167-7-7.hinz.com hinz.com *.hinz.com *.van.hinz.com
insolvenbekanntmachungen.de *.insolvenbekanntmachungen.de *.wildcard.insolvenbekanntmachungen.de
junglezone.com *.junglezone.com *.webvpn.junglezone.com
*.blog.liwaicui.com liwaicui.com *.liwaicui.com *.renzheng.liwaicui.com *.vbbtprf.liwaicui.com
*.alpha.mediacomcabe.com *.blog.mediacomcabe.com *.ci.mediacomcabe.com *.cicd.mediacomcabe.com *.cit.mediacomcabe.com *.deimos.mediacomcabe.com *.demo.mediacomcabe.com *.dev.mediacomcabe.com *.development.mediacomcabe.com *.europewest.mediacomcabe.com *.forum.mediacomcabe.com *.galeria.mediacomcabe.com *.galleries.mediacomcabe.com *.healthcare.mediacomcabe.com *.hotfix.mediacomcabe.com *.jenkins.mediacomcabe.com *.jobs.mediacomcabe.com *.k.mediacomcabe.com mediacomcabe.com *.mediacomcabe.com *.mobile.mediacomcabe.com *.net.mediacomcabe.com *.pipeline.mediacomcabe.com *.poc.mediacomcabe.com *.pool.mediacomcabe.com *.preprod.mediacomcabe.com *.production.mediacomcabe.com *.sandbox.mediacomcabe.com *.server4.mediacomcabe.com *.sitemap.mediacomcabe.com *.smtp7.mediacomcabe.com *.tech.mediacomcabe.com *.ww25.mediacomcabe.com
qianyuegame.com *.qianyuegame.com *.wildcard.qianyuegame.com *.ww01.qianyuegame.com *.ww25.qianyuegame.com
*.app.renderia.online *.dev.renderia.online *.localhost.renderia.online renderia.online *.renderia.online
*.athome.spoity.com spoity.com *.spoity.com
*.acs.tikona.com tikona.com *.tikona.com
tittypix.com *.tittypix.com *.wildcard.tittypix.com