Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.acolhersaude.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 17, 2025
Valid Until
February 15, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
55:83:C5:67:6F:59:AD:7F:64:2A:0C:5C:6F:7B:E6:51:7A:36:95:D3:8C:B2:F9:5B:AB:95:1A:2B:D4:69:5E:81
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
legi.app
www.100brokenpixels.com
achartaboutnothing.com
www.acolhersaude.com
www.aimoov.fr
alexshi.me
benchpass.app
www.blakezimmerman.me
staging.blur.live
www.bookingwarrior.com
blog.branmendo.tech
buttonsdyes.com
photo-video.at.calculatorhub.app
www.christchurchindia.org
gdtli.co.in
coop1.grobox.co.ke
bysometric.co.kr
compucon.ca
cornellnote.org
www.corruptedchronicles.com
platform.damotech.com
my.enkept.com
beta.esker.app
staging.firstroundgm.com
www.foretriziere.com
admin-staging.fuelstreamservices.com
www.furasoft.com
gido-ferienjobs.ch
app.gmappros.ai
gpfarm-admin.gpsmart.vn
www.happy-pos.com
echohearing.booking.hearlink.co.uk
henninghall.se
www.igros.app
checkout.ihengravidei.com.br
schaeublin.immodigi.app
ergovitalis.indext.com.br
inertium.app
www.janes-forest.org
www.jasoncornish.dev
joha.io
katkaamilan.cz
keiransnowe.co.uk
staging.web.kisi.io
billet.kystmuseet.dk
loterica.link
macroandmarkets.com
www.morphosis.com
motolog.app
www.mubaraklegal.com
www.nagatani.app
mob.naqqe.app
www.natalieromano.ca
nomadsos.app
cache.orchidwire.com
ospniezywiec.pl
share.oyucon.com
app.pacificgardensco.com
app.passnaturalisation.fr
www.pebinary.net
promociones.pidelope.app
pixel-x.jp
stg-admin.propo.fm
blendaix.order.pulp.eu
pulse.cash
m1.d.qikserve.com
ready-fare.com
reshailawan.com
www.robotzgaragescouting.com
sahl.menu
wildtone.sannicolo.se
app.sarisskahradnacesta.sk
factoring.seflink.rs
react.selimsql.com
shortjob.app
natalrn.gerenciazap.smartmidiasdigitais.com.br
www.soheilsalimian.com
fprod.squadapp.co.uk
yeg.sqwadhq.com
yegadmin.sqwadhq.com
www.stevemaguire.dev
stockwise.io
cage.artintech.tableunstable.org
theborderline.top
level-bot-widget-stagex.thelevel.ai
www.torontolaserservices.com
tracupuncture.ie
oee.trepko.com
chronosfit.turnosweb.app
write.uajh.com
www.vaancure.com
links.vasco.eu
verimail.io
veteran-acquisitions.com
www.virtualweb.app
webcrft.co
wibce.net
yacelltech.com
dashboard.yumealz.com
zzz.team
Other domains in certificate