Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.fondationulb.be
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 09, 2025
Valid Until
March 09, 2026
87 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
74:B5:B6:2E:A6:6B:4E:05:CB:96:46:04:A9:59:F5:9A:9E:E2:8E:EC:5F:76:49:60:80:A3:AD:DA:33:10:A8:EA
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
gniex.com
aaryaeditzapk.store
www.abhishekkrishna.com
maps.test.auckland.ac.nz
staging.addhere.com
ad.agronomes.ru
alexsavizky.com
auth.app-abby.com
www.arkilados.com
as-group-finance.com
bshefa-demo.banglafighter.net
barberbc.pl
bluedotecommerce.net
bodytuningmassagestudio.com
brillameparis.fr
briskine.com
bubbleodysea.com
gran-cook.calmato.jp
live.caratlane.com
cbannon.com
classesdegrees.com
www.co-in.uk
app.yummy.co.id
creativeai.co.kr
www.lartofficial.co.kr
exabyte.com.ng
dch.staging.admin.convercus.io
crabadaguides.com
dailycodingchallenge.com
www.dbcustomoffroad.com
www.digivogue.com
www.eage.io
xadjong.easyapp.co
xkp7bnpr5mo8.easyapp.co
echograde.com
portal.ellipsis.earth
engineears.org
www.enlomash.net
www.estatestats.com
www.fondationulb.be
fourthjdcasa.org
devfestlima.gdglima.com
app.gdprcompliance.dk
getchirrapp.com
gloriadeocooperative.org
l.gripex.pl
hans-lian.com
happinity.life
www.healthherohotline.com
link.heyyou.it
hwcpc.org
iglesialavictoria.org
impactpointchurch.org
wwa.kerp.net
kuchvi.com
kyons.vn
freeschool.glid.lesda.org
menu.loku.io
magepunks.xyz
financeaggregator.makeminespicy.com
www.markosaari.fi
mattbendel.com
aretaeio-dev.mayamd.ai
mcgoeydermatology.org
beta.motormerchants.com.au
muslim.events
admin.portal.myguardiangroup.com
lms.omansats.om
bestellen.palermo-bo.de
www.pigment.ninja
playladderup.com
www.powerthirstnh.com
painel-dev.quemcontrato.com
nfclone.rajeevgorikapudi.in
api.rbsellars.com.au
recyclableblisterpack.co.nz
www.redge.me
livechat.reecegordon.co.uk
rocarou.com
kosx.rowx.in
members.samedical.org
shaunsresume.com
skyland.ai
smakoposhta.com
mcfedututors.snapmentor.no
earningludo.sonalidigitalportal.in
fpbastille.sphure.app
spragueawning.com
starconexus.network
the-robins-nest.us
janata.thetrueservice.in
caa-sls.tio.works
www.topps.app
tradfrilux.com
www.troop340.org
upharmony.org
staging.vark.io
hubnergroupprev.virtual-brand.space
sanity-demo-web.webpunks.it
dl.xerum.it
Other domains in certificate