Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=courses.nxgl.ai
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 06, 2025
Valid Until
February 04, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
F5:FA:8A:3A:C4:84:B4:3F:89:98:D2:F2:A3:3C:B5:A2:9E:0B:28:3B:DA:7A:DA:91:1C:F6:E4:34:4C:CB:41:29
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
josecarrizo.com.ar
www.2nice.co
bonnier-staging.adssets.com
help.adventurestore.me
www.babooncorp.com
apps.beepboop.tech
biliexpress.com.br
bingobingo.live
www.bitcoinmap.cash
bytegym.app
capital-market.in
centrelareussite.com
clef-innov-va.clef-innov.com
app.clicauto.com.br
invoice-handler.coffee-fellows.app
www.spinecentre.com.hk
gevgetechnology.com.tr
avarihotel.com.vn
dataroute.ai
webadmin.dheerancrackers.com
divicom.hml.portalcliente.divitech.com.br
www.dolphinsne.ws
staging.drinkagenda.com
drivewise.bg
presenca.ecbsistemas.com
www.ekfarmer.com
entunboxed.com
everlight-bot.cf
www.finderella.io
formatgenie.app
fuehlen-verstehen-gestalten.de
ganache.com
gd03.me
weather.generics.app
kristinandjohn.gnuite.com
customerdemos.gonative.io
npoo.grad.hr
www.haybarro.com
hoaxbuster.ai
ianbabington.com
hr.igmschool.in
unete.inmovalor.es
vender.inmovalor.es
www.jippymart.online
kimbros.xyz
klattersommare.se
langmajer.cz
signing-portal.legale.io
www.liamkey.com
limpiezatonbel.com
locandadecolli.it
link.magical.app
medicall.com
memu.live
hub.mshguru.com
www.murdermysterylog.com
my-physio.in
myprotection.ai
myrareaesthetics.com
admin.narratify.ai
numeco.gr
courses.nxgl.ai
office360.in
staticcdn.officeio.net
auth.overstory.com
timetally.pierresucker.com
carby.pixoby.space
planyourcargo.in
www.pluginsw.com
slovenik.pokope.sk
p5.porch.gallery
pragmadb.com
praveenmineral.com
propco.ai
www.puddletheory.com
firebase-test2.qeeu.cn
todo.redsols.com
mermade-dev.saztrek.app
shouldi.guru
smartaware.de
sofutouea.com
www.squaremobileapp.com
page.starsnest.com
sugambuilders.com
sustx.xyz
admin.switchworks.pro
www.synlig.ai
tautasroks.co.uk
the-fmd.com
affiliate.tindi.network
www.tlic2025winter.org
typechrono.online
versus-studios.com
viseo.app
vodvilsahne.com
web-test.voltie.us
as.wink.codes
tp.xlan.online
hey.yojo.sh
zingzeal.in
Other domains in certificate