Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=merlin-extension.com
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
March 24, 2026
Valid Until
June 22, 2026
34 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
19:75:7C:E4:29:68:B7:A0:41:9A:23:36:AE:24:92:2C:AA:96:A5:A4:5D:33:41:60:0F:36:DA:E6:DF:C6:43:A7
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
kiss.cm
*.kiss.cm
*.ht.kiss.cm
*.insight.kiss.cm
*.wildcard.kiss.cm
*.ww16.kiss.cm
*.ww25.kiss.cm
*.ww38.kiss.cm
*.app.assesprep.com
assesprep.com
*.assesprep.com
*.ww38.assesprep.com
bedpla.net
*.bedpla.net
*.random.bedpla.net
*.ww25.bedpla.net
*.api.bkmrkwebsite.com
bkmrkwebsite.com
*.bkmrkwebsite.com
*.sitemaps.bkmrkwebsite.com
*.staging.bkmrkwebsite.com
bratislavabyty.sk
*.bratislavabyty.sk
*.fa.bratislavabyty.sk
*.ii4ia5tz7b6l.bratislavabyty.sk
*.magazin.bratislavabyty.sk
*.mailin2.bratislavabyty.sk
*.new.bratislavabyty.sk
*.random.bratislavabyty.sk
*.ww25.bratislavabyty.sk
brisbanecaregiver.com.au
*.brisbanecaregiver.com.au
*.ww25.brisbanecaregiver.com.au
christophe-honore.net
*.christophe-honore.net
*.ww38.christophe-honore.net
entrenous.org
*.entrenous.org
*.mail.entrenous.org
*.www.entrenous.org
*.ci-preprod.esmacer.com
esmacer.com
*.esmacer.com
*.hostmaster.esmacer.com
*.mail.esmacer.com
*.reejamtmaster.esmacer.com
*.dan.meera.com.au
meera.com.au
*.meera.com.au
*.random.meera.com.au
*.ww25.meera.com.au
*.ww38.meera.com.au
merlin-extension.com
*.merlin-extension.com
*.random.merlin-extension.com
*.ww25.merlin-extension.com
*.ww38.merlin-extension.com
newqualityhacks.com
*.newqualityhacks.com
*.random.newqualityhacks.com
*.ww16.newqualityhacks.com
*.ww25.newqualityhacks.com
*.ww38.newqualityhacks.com
*.mail.rotekartefuercorona.de
rotekartefuercorona.de
*.rotekartefuercorona.de
*.olddocs.sovereignty.one
sovereignty.one
*.sovereignty.one
*.www.sovereignty.one
*.mail.spikesplace.live
*.ns1.spikesplace.live
*.ns3.spikesplace.live
spikesplace.live
*.spikesplace.live
*.webmail.spikesplace.live
*.iccp.team-linux.com
team-linux.com
*.team-linux.com
*.ww16.team-linux.com
*.ww25.team-linux.com
*.ww38.team-linux.com
*.random.toolwarehouse.com.au
toolwarehouse.com.au
*.toolwarehouse.com.au
*.ww38.toolwarehouse.com.au
ubladi.com
*.ubladi.com
vfxdownload.xyz
*.vfxdownload.xyz
Other domains in certificate