Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.hvkale.me
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 06, 2025
Valid Until
January 04, 2026
37 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
63:5E:51:49:BC:26:A1:E3:83:FA:06:0F:33:FC:83:2F:B4:7B:4A:88:5A:DC:0E:C0:3A:33:8D:AF:1D:3D:85:FF
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
hrocberlin.org
4kissa.me
ticketing.accounta.app
agent.aginidhi.com
agnetic.ai
invite.aimpact.ai
app.akhbarna.today
admin-apk.apnaklub.com
lists.ashtonloosli.com
pro.atgrapevine.com
www.atgrapevine.com
www.atteberywedding.com
www.austincustomerrands.com
www.autohubkw.com
www.avancix.com
www.avarupt.com
api.avitracer.com
www.avocash.com
www.awsmnss.com
www.ayankapoor.com
www.aycmumbai.com
www.baannok888.com
app.badboygorillamob.com
www.badboygorillamob.com
dashboard.baithakrestro.com
www.ballotbloc.com
www.baltrowgroup.com
sticker.bannodiary.com
www.bannodiary.com
www.baobab-mr.com
www.bare-games.com
panel.basketfan.com
bayualfian.com
www.bayualfian.com
beautygigis.com
www.beautygigis.com
bekandlukewillsoonbedenton.com
www.bekandlukewillsoonbedenton.com
app.benchmateapp.com
benessa.com
benmcclure.com
app.bexup.com
beyondboundariesuae.com
www.beyoursoulmate.com
l.bfi.mobi
bicfiyatlistesi.com
bidvisit.com
bigtreeworld.com
bilgesin.com
go.bitvedas.com
blanketeering.com
bloxize.com
diary.brendanle.me
cabalangoaluminios.com
testfirebase.carports.co.za
customer.eu.clearquote.io
dl-dev.fita.co.id
shambanet.bashmania.co.tz
coinforge.me
dmemusic.com.my
reelest.com.ng
www.sdplaton.com.ph
fnb.namsutech.com.vn
impactportal.coralgardeners.org
auth.cuci.id
demo.dalgamuni.me
development.admin.earthly.org
functions.eosn.io
expensifire.com
www.femfast.app
auth.fontedosleiloes.com.br
www.hvkale.me
game.ptit.id.vn
ismcorpprogram.org
tv.linkbong11.io
tv.linkbong12.me
m-u.kr
qrcard1.marketingverbund.de
medprime-elect.medihelp.co.za
advocate.medlifemovement.org
colmena.net.co
dev.doctor.nuuphealth.com
www.kgh.org.il
carsnet.piti.app
planetarium.life
plazah.co
platform.regenenergy.io
numerical-tic-tac-toe.shasw.at
origin-aficsor-publish.skawa.fun
www.snapdecision.app
get.soundworks.app
form.sportfelix.it
studiofrelka.pl
sz.sa
parent.tassorbit.com.au
teatime.party
thesciencecapital.org.uk
internal.wolv.io
www.wunderhome.no
www.1622.com.au
Other domains in certificate