Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=dekcom.tsn.ac.th
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 24, 2025
Valid Until
February 22, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
31:DB:39:F3:54:8C:6E:9B:0A:DE:0D:BC:36:44:B3:41:DE:97:21:D6:3C:FD:3E:63:F5:B3:A4:E2:E5:DB:50:D5
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
ianimate.studio
2025.gvkontroll.se
dekcom.tsn.ac.th
acuajardin.com
click.aio.network
ak-hpk.cz
anndasound.com
atrobotica.com
www.bioflightvr.com
www.briansawaylunch.com
byscoot.eu
www.casetools.app
classcend.com
link.bogoworks.co.kr
classicshumba.co.zw
members.coachedbygj.com
cotentia.com
portal.decoda.com
app.destinify.com
webmail.divshot.com
www.elyusessions.com
sin-seminar.filipmiik.cz
preview.firebirdmovie.com
india.flux.chat
funjit.com
businessportal.funzeventz.io
www.gobo.com
www.growthdiary.blog
hiroto78.com
test.hive.properties
staging-signup.hoofit.app
www.indemnitevelo.fr
www.instalater-malanik.eu
dev.inventy-app.com
pf1.irdo.net
www.jackomeara.xyz
verify.justwisely.com
laflotechhub.com
cookies.leobottaro.com
link.mintyscore.com
mobdev.com.br
mone-pla.co.jp
mopi.cl
www.mopi.cl
mtxelectronics.com
plantify.mvlanga.com
productos.informacion.my.id
www.py.n00kl33r.org
dadeldhura.nepaldrivinglicense.site
dhankuta.nepaldrivinglicense.site
doti.nepaldrivinglicense.site
dumre.nepaldrivinglicense.site
kawasoti.nepaldrivinglicense.site
www.neuralworkx.com
auth.newcollab.co
www.newrivercoding.com
platform.desk.nexat.de
www.nftapas.app
join.nodemy.info
ntakwa.com
offworldtv.com
oiler24.pl
onbitclinic.com
optioney.com
www.mak.org.in
paphosboattours.com
pechhacker.at
mateoetlesamigxsexpress.pinkbeton.com
quarry.vc
quicklyupdate.co.za
ramanouski.com
ranpe.fr
rgnmedical.com.au
demo-portal.riyo.io
robertoestivill.com
www.scholyr.com
zoom.scj.io
app.securityamperu.pe
smpanelinn.com
app.smscubano.com
eventos.sonae.pt
api.spotribe.jp
storiagen.com
sudarnepal.com
app2.tablechamp.at
taco-quest.com
the-sibundong.com
thehomecg.com
i.thx.to
my2.touchplan.io
app.staging.trainsweateat.com
lungyikphuketemenu.triggersplus.com
checkplus.truecordis.co
tundrasoftwarellc.com
app.unifiedai.tech
warhammerquest.se
staging.webzabe.rocks
dev.wiselysoftware.com
tool.x-wallet.io
xiobit.com
Other domains in certificate