Open
Cached
·
just now
78/100
SECURITY SCORE
Certificate Information
Subject
CN=chrysalismassagetherapy.org
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 27, 2025
Valid Until
February 25, 2026
87 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
01:B2:F4:1B:01:BC:0D:34:11:18:5D:7E:19:96:86:0D:60:D8:EF:77:BB:DC:61:43:18:1A:61:BB:D8:C8:74:3E
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Weak
require-trusted-types-for; report-uri; object-src; +3 more
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-uEmiWKdqMbcHBlBozl9gSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self'
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Significantly strengthen CSP directives
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
gdll.foodle.su
www.abenzaggagh.com
adamtvapp.com
adaptivepomodoro.com
algorythm.one
www.algorythm.one
service.alko-garden.de
almaglobalstrategies.com
amfi.ca
angelstrail.com
www.artfaktor.pl
astroanekant.com
atlantaloverseas.com
www.attravels.com.au
aurora-x.ai
www.aurora-x.ai
autohirebot.com
www.badmintonireland.com
berkayvuranok.com
biket.club
brainzdigital.com
callable.run
chd.su
chitkoko.org
chrysalismassagetherapy.org
www.protech-il.co.il
moneyplaybook.coachjfinancial.com
admin.conciergia.ai
datapolitic.org
defycars.com
chat.dittrium.com
dmcstock.co.uk
drovto.co
www.easygolf.net
www.elitearmymx.com
www.eriksvenssongrape.com
everclass.app
dashboard.findpotential.org
ftavenezuela.com.ve
myfxview.fxssk.com
hadtechnologies.org
www.handmadecon.org
hayokmedicare.ng
store.helios.id
ineteduca.com
jurciusodyba.lt
livestudiopro.com
lydiahealth.com
mcq.red
metagroup.fi
www.metagroup.fi
www.dj.misterboda.es
modernhr.org
supply.mosil.app
comper.multifamilyadvisors.com
www.naewfoundation.com
balance.newsenses.net
smartinspect.nextfleet.net.au
noroc.life
www.notetrainingnow.com
nuiriankh.net
www.nureddin.me
onedrunkchef.com
pensionesmetamorfosis.com
percivalshop.com
perspectivepoll.online
photodiego.com
auth.pigz.com.br
www.pluspoint.charity
pmrdeals.com
staging.preggersapp.com
barkeep.schism.co
selamsafety.com
shipdocket.com
sierrascaling.com
g5vsk2lszanbkf9k4qi3.smartimob.io
ttrack.smehsan.com
www.soundsthesameas.com
admin.sreeramacrackers.com
sreeramacrackers.com
starstuckstudio.in
studentnote.xyz
symmorphic.com
www.techrave.com.au
uk.testla.nl
www.thesimplegeography.de
test.tiply.ee
tonysbriggs.uk
tournament.troves.gg
upperechelmon.com
vaijaentregas.com.br
www.valkcablecareplanner.nl
vehicle-vitals.com
wizrds.co
vplay.work.gd
pernambucanas.xptoconsig.com.br
dss.zobbe.com
zonglist.com
zuporiabitehub.cloud
zuppivariedadesmix.com
Other domains in certificate