Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=knopfloch.li
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 14, 2025
Valid Until
January 12, 2026
61 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
94:B2:E4:7A:35:C6:C8:75:2F:2C:6A:B2:FC:25:C9:F4:E4:09:C3:36:BB:77:CD:8A:9D:06:F1:D1:B5:E1:BC:41
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
l.recenum.pl
gnkitm.ac.in
akshabihomes.com
www.akshabihomes.com
www.tech.algorick.com
www.aminebouarfa.com
ash-techsolutions.com
asleceea.org
avenum.app
baraobar.com.br
bassitraining.app
mobile.beemyflex.com
profile.bleanq.com
www.bmo-smart-life.fr
www.bodystreak.com
tact.caarya.cloud
chahatsweets.com
id-sso.stg.classi.jp
swastiknetworks.co.in
ourcalifonia.villagecalifonia.co.tz
crt.codesupport.dev
app.codict.es
canhbao.coitaba.com
antika.com.mk
statics.cv.me
app.d-rh.com
danielareina.me
datinginfluencer.com
www.defeatinggames.com
google.deshpande.page
dfx.digitalfutures.com
emlashelite.com
enterpuneet.in
www.explainme.app
ezpz.my
depomed.farmedsebina.com
fieldmaster.app
filaonline.net
gdk-consulting.com
demo.getbrief.app
golfstadium.com
gs-rumana.com
www.hana-and-david.com
myhome.hansiz.com
heavensgate.dog
board.homestation.jp
www.instaglance.com
integratepush.com
halfords.invue-live.com
gus.itesa.ar
www.jeanniechiem.com
job-board.io
joshknight.site
juancruzpereyra.com
kaka.ru
knopfloch.li
brainmonitor.konta.tech
kpopsevilla.es
cockpit.losteria.net
plt.ltl-xpo.com
console.nanobebe.io
www.nansfi.com
spiele.nilsbenz.ch
nykylasi.fi
onederwall.com
orthoenrichment.org
pescasaladapepi.com
www.polec.am
pound-gram.com
lesetilgang.profsys.no
rakennuskuivaus.com
paqf1.rb2k7.com
www.rent-a-bin247.com
roomconnect.ca
app.dev.serveox.com
www.shareyourfortune.com
sihinagardenresorts.com
simplifysoftware.com.au
admin.smartminingglobal.com
www.somenowsomelater.com
auth.spafinder.com
www.spcars.com.br
ssppgolf.org
stankovic.dev
studio-www.com
prueba.admin.citas.sugos.com.ve
supervisedvisitation.io
www.tactevo.com
tadashi.dev
www.teamcraftedpour.com
www.tonyschleck.com
links.traveletch.com
trdev07.fr
dev-app.tripswithbenefits.com
valley-swim.com
studio.vidbax.com
way2masjid.app
webcollector.app
www.zapps-studio.com
zenshipstage.zenmighty.com
Other domains in certificate