Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=auth.merlininvestor.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 25, 2025
Valid Until
December 24, 2025
34 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
C7:7E:F5:26:02:AC:5A:C9:87:18:58:9D:88:16:0D:9D:5A:97:0F:97:F7:7D:72:77:C5:B6:09:8E:04:77:41:1B
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
kiismet.com.sg
api.adniter.com
afwebdev.com
agexbe.com
www.ahmedelhalabi.com
vcard.ambivo.com
www.amplitudefestival.com
dev-auth.atgo.app
bakrin.com
bananaheist.com
banburycrossing.com
ekyc.banexcoin.com
play.bibendo.nl
bountycoin.club
www.brmill.com.br
www.byhorse.com
candyfighter.com
cedvalley.com
orderorbit.centrictech.net
chiefsoft.co.uk
ki-tattoo.chrisrichter.dev
custom.dev.clevateam.io
pogodin.co.il
docs.cognite.com
confieval.com
crexis.com
www.csepulv.com
www.dlsfixit.com
www.dunakanyarballon.hu
dysconstructora.com
casanossa.edsys.com.br
demo.emergencydentaldirect.com
flow-europa-center.equiem.mobi
etiennelebel.com
www.failedxperiments.com
link-accp.fitterup.com
firebase.flutter.dev
flyashpak.com
fordental.fr
foresthillchurch.tv
www.foxytimetracker.com
www.game-cards.app
login.gazipay.com
www.gitaiot.com
staging.gobertha.com
auth.gocrisp.com
www.godeadon.com
gokmengoksel.com
app.greatoaksfinance.com
growmesocial.in
hamotech.sg
heliosappliedscience.com
hochziit-bero.ch
whatsapp.hookz.ai
membership.ifac.org
auth.ivoy.mx
www.jdsaocaetanoimoveis.com.br
joint-efforts-ug.org
www.junh.dev
dev-auth.k-9apps.com
khaledbadran.ca
www.leadcon.pro
dev.letsfundit.org
liquidity-flow.com
www.logs.tools
lyrnwithus.com
www.m-austin.co.uk
marspixels.com
auth.merlininvestor.com
mirakist.com
quick-look.mkelley.dev
www.mods.dev
adm.nolte-montenegro.me
www.nxttry.de
patagoniaalpineguides.com
www.perwollnt.me
www.playmade.co.uk
www.plenavida.com.br
whattheface.pxon.com
r3pa.dev
api.mosaic.rcopstein.com
app.runanywr.com
sayaorganization.org
app.statplus.io
sugarmatch.vip
chat-admin.surgeonsadvisor.com
teevox.com
throwback.cloud
test.traveltimeline.app
unifiedministries.app
uvetko.com
solutions.vajraiot.com
variskindo.xyz
vibelign.com
wasm.party
westphal.pw
talent.worthgrowth.com
wowworldwideholidays.com
telos.zeptagram.com
app.zonemii.com
Other domains in certificate