Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=api.ethosandkind.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 09, 2025
Valid Until
February 07, 2026
83 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
E7:33:74:3F:7D:FA:CB:44:DD:13:B1:0E:B3:9F:52:C3:6F:8B:2D:82:92:DE:04:DA:EE:1E:97:FE:E3:23:D2:D9
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
kmldn.dev
activit.app
omnicdp.agenciabond.com.br
artistly.in
belousoff.ru
runforcover.catilize.com
www.cloudchecklist.app
applink.test-mp.co-op.crs
wireview.codecaptives.com
dentilabs.com
links.dev-terveystalo.com
www.dheerancrackers.com
dicken.dev
emailsync.dev
api.ethosandkind.com
www.exzamin.com
fisioactivacl.cl
auth.fitillion.com
flywheel-taxi-hub-test1.us1.fleet-dev.com
fsadmin.flockone.com
www.floresdelisbarcelona.com
ganpatsteel.com
dev.getslideapp.com
gliderlogbook.de
gobackstage.co
halahotelaquapark.com
ln.hawkhr.com
www.hiddenhunts.com
app.hirelingo.com
fresh.staging.hummingbirdtech.com
app.isanku.co.za
palisades.jacobgeiger.com
joinlah.com
www.juanalbertoq.com
www.juglenaut.com
app.kandrexpressshippingja.com
karimagine.fr
khanyadihipkhsschool.com
www.koreavalley.com
laesenciadetaxco.com
liaisonsapp.com
www.livingpokedex.com
pomodoro.ljns.fr
loop-chat.com
www.lunexdirect.com
malabartyping.com
www.manikfernando.com
manttome.com
www.mathematicalinc.com
www.mattssonsab.com
auth.mavia.com
millenniumservicesinc.com
apps.minbahadursherchan.com
modularvista.com
games.monai.art
www.mudpiestudios.com
mvpmetrics.com
store3.kitaro.my.id
nasser-construction.com
nathurtig.com
neelaedtech.com
www.neo-devit.com
sun.cns.net.tw
nightlyrentalmanagement.com
link.nodalview.com
www.novellangswingcamp.com
okumatik.com
omegaaccords.com
onestoppdf.com
onewirelessservicesllc.com
www.orderfoodlive.com
ourreadinglamp.com
igcops.oxlac.com
test.printyourfriends.com
realcappers.com
www.recrubianexus.com
sacredpathretreat.com
samuelreeder.com
sanctuary-vr.com
sapuska.com
selectube.app
www.selectube.app
cms.test.shoofti.com
www.simplelog3.com
softybytes.com
splinxify.com
star-catch.com
bodacalderonruballo.swanmoments.com
theclouddentalstudio.com
tiktoktomb.com
titaniumconslt.com
toquegourmet.com.ar
towtruck661.com
www.trasks.app
tretechinc.com
www.underscorepng.com
uselocagent.com
villacampagnatrogir.com
www.wallieai.com
yangxincpa.com
Other domains in certificate