Open
Cached
·
just now
95/100
SECURITY SCORE
Certificate Information
Subject
CN=ok-noted.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 11, 2025
Valid Until
March 11, 2026
75 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
0F:DB:1E:A8:5D:AD:94:F7:46:E4:01:8B:76:94:30:02:B3:C7:C2:F2:2D:13:3F:7E:D6:09:71:18:5D:5F:CE:74
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Good
default-src; script-src; style-src; +4 more
default-src 'self'; script-src 'self' 'unsafe-inline' https://apis.google.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' blob: data: https://gandiwa.com https://*.googleusercontent.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://firebase.googleapis.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(), microphone=(), geolocation=(), browsing-topics=()
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Wildcard CAs
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 6 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
100 domains
gandiwa.com
1-for-1.org
12thlevel.app
4youbroadband.com
aggccelerate.com
www.aggccelerate.com
alexperryartist.it
astro.alkho.id
alv-renov.fr
ambii.work
assurenest.co.uk
www.assurenest.co.uk
aircraft.atpintra.net
baqu.dev
admin.be-hookd.com
bestpainting.co
auth.brightpeakcapital.com
casemirror.cv
gps.droneworks.co.in
office.blueparking.co.th
www.coderesting.dev
denizmengi.com.tr
committedbodies.co.za
compose.fi
conectatrabalho.com
deskbotai.com
intranet.educacionsexualahora.cl
www.emotionalsupportbots.com
energie-nachrichten.info
auth.evolvewithyogamgmt.yoga
exchangeo.online
ffrekenen.nl
www.ffrekenen.nl
finav.com.mx
note.forthe.top
gameperkz.com
guardianbdtravels.com
guardlydata.com
www.happynol.com
hirelikeapro.app
holzbau-freyer.de
hopetech.space
hurboapp.com
www.hurboapp.com
itemhunt.ike.work
ajuda.infinitylawca.com
www.ingmecarq.com
www.jackpotel.com
jrsosa.co
paymentlink.kredete.com
krukkeniels.dk
kushlopariarts.in
auth.loanexpert.in
upload.mapap.us
www.micgray.com
auth.millevo.com.br
modeldiagnosis.com
modhumotilibrary.com
app.mozbife.shop
nail-generator.com
nefesh-ha-chaim.org
obel.es
ok-noted.com
onurtemizlik.com
www.oozerush.com
www.outsidesignal.com
www.ownblka.com
partreboot.com
app.dev.premise.com
app.propeloai.com
www.rpo-solutions.vn
www.samxtechnologies.com
planner.singular.com.ar
sisasaldo.com
www.sisasaldo.com
solopaylink.com
www.sower.org.au
spiritual-atlas.com
www.superscope.ai
bodabonillaramos.swanmoments.net
www.swapmeals.co.uk
telecomprice.hk
thecontractgenerator.com
therulesframework.com
thetalentlab.es
thirdmm.com
www.tunieken.nl
usetrove.shop
preview.iam.vezham.com
shortlink.vtvgo.vn
www.waghor.com
websassinaga.es
wello.jp
whiteboardweb.co.za
wirajayateknikutama.com
netfliks.work.gd
www.wowmall.rw
zavy.com.br
beta-marketplace.zentility.com
zoescleaning.co
Other domains in certificate