SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Expired Certificate - the server's certificate has expired
Open
Cached
·
just now
62/100
SECURITY SCORE
Certificate Information
Subject
CN=hema.school
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
April 03, 2025
Valid Until
July 02, 2025
Expired
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
B1:53:DD:D5:54:6C:02:27:85:F5:02:E2:04:CA:C0:61:75:56:D2:8A:EC:DF:2A:02:7D:26:D9:93:9D:59:8B:61
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
jetlingo.com
tournaments.13tcg.com
wedding.adamino.dk
app.advancedonlineinsights.com
chrono.agamworks.com
agro-league.link
setup.wizard.aivie.ch
aladel.org
ccptraining.alinkeo.com
www.asq.ro
autocaptainz.com
www.avenue.fi
su.b-smart.tech
video.birwadi.com
shitcoin.bitcoincash.social
www.blackhill.co
blekejet.nl
boozygame.com
www.boucherpl.com
bubblediagram.com
calculamesto.com
abhyasa-manage.classet.in
about-angel.codeforge.com.mx
vepor.com.uy
auth.compeatnutrition.com
covenipuzzle.com
www.crdls.com
cribolage.com
tolearn.dbarbero.com
www.deutsch.uz
www.devisor.com.br
app.domeiq.com
dunati.com.ve
dynki.com
cdttu.edu.vn
www.farmresq.com
admin.flowby.io
de.foefox.com
pass.fortunescope.app
www.friedmanpe.com
aski.furry.my
www.gesatel.com
gifty.sale
www.godonew.com
greenlightbalance.com
hema.school
ipm.hl-dev.eu
staging.race.indo.run
www.intepro.com.co
app.isport360.com
sb.ivankana.com
jcspgh.com
joeyqueue.com
www.jungy.business
kelvys.com.br
menu.ksites.in
console.business.kurasub.com
results.labport.app
leonardomerlin.com.br
letterfan.jp
mobile.parnassys.lexlibris.nl
tips-plan.metalogos.site
mohit.app
dev.monittor.com
fajito.montepiedad.com.mx
www.moomugs.com
api.musaffa.com
app.mycrafty.de
www.myotrainer.net
www.napitap.hu
dev.portal.nexzen.app
www.odontobb.com
www.oneshoeco.com
triggeredturtle.pense.co.uk
deeplink.petprice.kr
store.planck.biz
prashantkaushik.ca
www.premier-pump.app
template-01.project52.site
www.projetera.ca
pxlcoop.com
app.quizmasters.sk
reallidi.com.br
record-planet.com
oo.retailoptimizer.com
www.samuelru.com
www.seasidemedia1.com
sipply.app
spiritualswordmissions.com
manager-stage.stackedinvest.com
calendar.stuten.dev
lab.dev3.svexa.com
swordfishwp.com
instance3.tallyfor.com
tst.tbltns.app
tomwongwingchun.com
link.tsylana.com
uioffice.kr
yapplications.com
app.youtranslate.bible
Other domains in certificate