Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=ubadvocates.mn
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 02, 2025
Valid Until
January 31, 2026
33 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
47:F8:5F:6B:6A:E4:9D:F4:85:31:35:65:C8:E2:8A:99:41:43:5B:A0:A3:4A:28:62:2B:4B:82:3B:EC:BF:BB:43
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
fontflipper.com
11521643.peerly.app
11521715.peerly.app
21stcenturysextherapy.com
hon-unit-config.3dcloud.io
app.alpha.africa
color-picker.appsvek.com
www.arktika.fi
www.sirah-collab.arrijal.com
arsense.app
artha-fs.com
as-kosmetolog.pl
teads-gucci-sunglasses.atelar.com
www.bhartiyaonline.in
www.bidnbiz.com
app.bisericaimpact.com
www.blackhawkmanor.com
new.bluehouse.is
bomaadvisors.com
brightviewsolar.com
cameronnewborn.com
eurogold-test-backoffice.cbdata.sk
certifi.cloud
staging1566.classesdegrees.com
arpanasoftwaressolution.co.in
dashboard.xpulse-cms.co.in
live.roadcast.co.in
download.coincave.app
cryptotrade.com.ua
partner-app.daikin.com.vn
dilalteam.ma
tenkan.discoveryourjourney.info
www.discoveryourjourney.info
www.dudacek.eu
figure.e-onlineservice.com
produccion.elcocrc.com
test.elo-b.sk
grace100.eventvio.com
florianklein.me
flowerlike.app
app.cashq.friedinkstudio.com
geaugasleep.com
www.giftpointscalculator.com
www.googoosalon.com
www.greatsmiledeerfield.com
www.haasjennsen.ee
humancloudmanifesto.org
ibrahimdairies.pk
www.inentrep.no
admin.inventoryshield.com
www.joinbid.com.br
www.kiotobcn.com
kishanpanchal.in
app.lendesca.com
mylsi.lsidentalbilling.com
lummen.co
majorminer.io
maroujalrafdin.com
marutitech.in
www.maxidecesare.com.ar
melhorescaseiros.club
www.meritmore.com
www.mobeenfolio.com
focus-timer.murata0705.com
www.naildiseasesai.site
www.ngonimujuru.com
www.nikomed.hu
www.novellla.app
orchestraforstride.com
mitra-app.pasarpolis.io
pascal.pt
todo.patou.dev
www.penum.com
peterip-associates.com
pocheco-pachico.com
polypyro.com
kysweb.prosparency.com
sudoku.raketten.net
app.risendevices.com
westsidenewark.schoolofthought.us
sinasalehi.com
boleslav.skoda-parking.cz
sntssseccion26tab.com
www.spbsg.ca
stillac.com
uso-admin.t-suzu.com
www.thedevguys.ro
thefridge.online
test.ticketbuddy.in
tinyhousehjort.nl
www.tomartopia.wtf
track.tracknowgps.com
www.trybook.com.au
tsur51.ru
ubadvocates.mn
www.wavesbyte.cl
signin.wecommend.app
www.y-queue.com
yaylahan.com
test.zkmakers.com
Other domains in certificate