Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=cha.cafe
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 11, 2025
Valid Until
January 10, 2026
50 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
35:E7:63:5F:2E:78:5C:16:32:B9:C5:DE:72:E4:0A:11:18:17:76:A6:C2:16:9D:0B:CE:61:9D:F7:47:97:C1:EF
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
fredlund.nu
cms.3dcloud.io
cafestrudel.abacus.co
compass.abrain.it
agile-forward.com
www.aimbrella.com
airesalud.cl
ambalkar.com
appcoa.com
www.aranchaypablo.es
arudito.com
asp-performance.ca
auteurobjects.com
batteryok.in
www.exhibitor.berufsinfo-world.at
www.brandongrant.me
www.builda.homes
centrodearbitrajeymediacion.com
cha.cafe
legal.healthcloud.co.ke
compassionalignedtherapy.com
ecm.api.coopers.pro
www.dcomprasenmiami.com
gestion.deconseil.com
proinvent-4.dev-ltl-xpo.com
www.dnalauncher.com
admin-staging.doyumeibo.jp
dynode.dev
karur.eacabs.com
openvar.ecampus.camp
tanzania.eeaser.com
forms.em3law.com
epicgoodsco.com
ufm.fastvalue.vn
app.figueroahermanos.com
foxdale1651.com
www.frederikbehrens.com
esp32.gillspie.com
haisushidelivery.com.br
dice-roller.handc.app
queue-customer-test.digitalse.ikea.com
hwdlongbeach.impactwrap.com
join.isprout.com
mesa.izfood.com.br
trash.jazo.ca
jeanniechiem.com
match.karla.ai
cloud.kuto.app
trivia.lancejabr.com
www.lescrocsdelanight.fr
www.liar.fyi
lognira.com
app.lstn.ai
librojuegos.mal3kith.com
mayaeduweb.mayamd.ai
app.medocoach.online
officialspanel.mka-karate.org
move-n-it.co.uk
www.namal.dev
reshop.nxgsoftware.dev
social.odpay.in
firebase-chat.okdohyuk.dev
www.orangenest.id
www.provabic.com
cop15.cmm.qc.ca
ra1no3o.dev
radontechnologies.in
market.rahsathi.com
www.raidbuilder.app
canteenmgmt.rcloud.dev
renewablewardrobe.com
www.robertomotors.com
www.romanyefimets.com
crew.runwayclub.dev
sedlarobchod.cz
www.seekersandadvisors.com
cents2bills.sipora.io
soapmagazine.net
www.soldmaui.com
sonarping.de
ai-web-test.sportskingdom.io
www.sreemagaltravels.com
steppingstonescommunitysupport.com
stickerland.app
structility.com
azparts.swapptechs.com
www.teknodevs.com
analytics.tempo.systems
app.testograph.com
uneleap.com
vendlive.us
provider.verifymy.id
www.virshields.de
www.vojtechhoranek.cz
reservations.watersedge.lk
www.wereviewhq.com
whatwayto.com
wifiwarden.app
willisandbuckley.com
testing.labcare.zym365.com
Other domains in certificate