Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=panel.dbmgroup.nl
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 25, 2025
Valid Until
March 25, 2026
88 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A4:EC:3C:9F:20:C9:2A:BE:C0:27:C4:1F:10:6F:80:7F:49:A2:CF:9C:4A:49:74:5A:D1:65:E3:F2:0B:1A:01:86
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
glooteck.com
scen.alfrednerstu.com
amphitrite.site
www.amphitrite.site
askaret.com
ayontech.co.uk
bisio.app
www.bisio.app
fireship-english.bjarnimax.com
blimp.email
www.botlabs.co.uk
www.buycorp.co.za
typespeed.cdcdisdiksulsel.info
theluna.co.in
aadvik.code316.dev
www.cogbase.com
moonarts.com.pk
reporting-staging.carclub.com.sg
meka-tech.com.tr
www.meka-tech.com.tr
www.shenghuei.com.tw
www.contracts.plus
www.cyom.com.br
dbilabs.com
panel.dbmgroup.nl
www.deltyo.fr
www.dentistamooca.com.br
www.devasyainnovations.com
web-staging.doyumeibo.jp
www.dutchdials.com
app.foundationeep.org
cloud.fredlund.nu
fretebao.com.br
gaterescue.com
genecare.online
grainfrastructure.com
post.hcw.one
www.cekulis.id.lv
www.esfrit.ihhsfair.com
www.inspestr.com
ipxdi.com
admin-forum.jazaninv.sa
johnbrowncreations.com
k-auto.store
kangjie.autos
www.kangjie.autos
www.kopiev.studio
nehirkoltukyikama.kozanonline.com
lanxie.rest
www.lanxie.rest
laudamus.app
sanwajimuki.lfv.jp
www.malawistore.com
maloobjemovekontejnery.cz
www.markedthis.com
www.matrixofislamicsoftware.com
www.mctech-service.com.mx
api.mindburp.se
invite.dev.imagine-impact.mindklab.com
monitor2move.dk
widerlov.demo.movello.se
mycodecamp.com
mck-demo.neap.co
safety.newtn.life
na.nobre.one
www.onlinecounters.app
www.opriori.com
mapa-develop.arco.org.br
outsideapps.co
www.pensioenbijarseuslab.nl
polivote.kr
www.polivote.kr
postdog.io
example.presentum.dev
merch.proxyteng.nl
info.rinzc.net
www.rivieragroup.pk
sainiphysios.in
samosirco.com
spartaboss.com
sportips.com.br
sounderstrivia.sqwadhq.com
golfstatsapp.statschamp.com
stormchasers.uk
www.sttammanyrepublicans.org
sunrise-hs.jp
taxi-kininarushi.com
api.tensorbrick.com
thino-it.be
staging.towpro.io
tstyres.in
www.tutaxi.co
edge.utako-tune.jp
visionsarthi.in
auth.vividsurvey.com
www.windelfreiheit.de
wouldtheybuy.com
www.yaisana.com
admin.zeone.in
www.admin.zeone.in
Other domains in certificate