SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Expired Certificate - the server's certificate has expired
Open
Cached
·
just now
62/100
SECURITY SCORE
Certificate Information
Subject
CN=nlp.cothema.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
April 30, 2025
Valid Until
July 30, 2025
Expired
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
C9:56:E8:66:39:0F:2B:5C:C7:B5:FF:19:C5:9C:31:DC:C3:3E:4E:9C:E3:0C:D4:F7:31:9A:84:7C:4D:8A:F7:50
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
hom.quantumrfid.com
www.assertionaccounting.com
dashboard.bahakeldigitalmedia.com
ballerhill.com
www.behiredremote.com
marketing.bintern.com
report.skulptdev.bycopilot.com
chrisdz.com
clarityautospa.net
www.cleancrazeni.co.uk
www.cleanbox.co.il
app.zenlipa.co.ke
www.codekraftsolutions.com
go-abaq.dev.conductiva.com
nlp.cothema.com
il.account.courtfilenowapp.com
criadordecurriculo.com.br
dashboard.prod.crilabs.net
dailydentist.ca
app.probowl.dasgym.com
emkay.daudi.africa
donaldposkitt.com
dev-portal.eqibank.com
dashboard.estatesync.com
www.esthermonzo.com
exp-ai.com
flutterdude.com
login.forbes.com
beta.foundershield.com
sdk-wuolah.froged.com
app.geohoney.com
jpmc.getcafex.com
smartfactory.getcafex.com
sn09.getcafex.com
www.gkcloud.no
pwg.gracevillecc.org
group-reading.com
gunespeksen.com
equipment.harecord.com
hatcab.com
havasuoffer.com
heramagroup.com
www.hodhod.cc
howfastdoitype.com
hushhushgali.com
www.idowakingdom.com
pwa.iidemo.com
www.elections.iitmbs.org
www.invitation-apps.com
app.jan8.net
www.karelcompiler.xyz
link.kidfindserver.com
www.killervirgo.com
ipp-pretest.klarway.com
www.kokemustenkautta.fi
koomzo.com
app.ktovisitkorea.com
lawyerlancer.com
portal.luzdaserra.com.br
app.marimole.com
mech-key.com
mediafinanciers.com
megamunch.megapos.shop
miamichicken.megapos.shop
no39.megapos.shop
test.megapos.shop
mensagemwhats.com.br
radio.metaverse-academy.ch
link.app.mojob.io
booking.mountainmanagement.com
clientes.mueblesmc.com.ar
nickwarren.ca
driver-app.oboz.com
ogabook.com
jagriti.gcect.org.in
old.pack744.com
redline.palmexus.com
pamoteam.com
partiallyrekt.com
www.plutusrealty.com
www.portail-restaurer.ca
app.portfolio-overview.com
api.prayerwall.church
priffe.exchange
www.profesyonelcemuhendislik.com
app.pia.rainbytes.com
qr.rubbish.love
www.rubysinclair.com
sahilhpatel.com
sheqprac.com
uat.smartleads.so
friedenspreis-muenster.spring-board.dev
www.thevcwhisperer.io
www.transitaxmexico.com
www.tty.dev
www.tutoral.org
www.vickbscontracting.com
staging.wewalk.app
wishtack.io
www.xchbalance.com
Other domains in certificate