Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=link.areenasports.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 07, 2025
Valid Until
March 07, 2026
74 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
CA:B6:FB:02:F6:BD:D3:76:68:31:1A:A4:27:45:B2:60:09:7F:3F:96:8D:7C:5C:59:07:D8:8B:3B:18:65:CE:3D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
sectigo.com
ssl.com
comodoca.com
digicert.com
; cansignhttpexchanges=yes
globalsign.com
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
Wildcard CAs
comodoca.com
digicert.com
; cansignhttpexchanges=yes
globalsign.com
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
sectigo.com
ssl.com
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 7 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
100 domains
lifeassistant.com
app.2doreview.com
63red.app
dev.accesscareapp.com
advertorials.nl
afrinov8.com
alarinaproject.com
appsolutefuturetech.com
link.areenasports.com
bebsabook.com
staging.bigordr.com
www.blockloop.tech
app-stg.boukili.ca
resistime.bracelit.es
www.bromley-conservatoire.co.uk
report.nexxt.bycopilot.com
catmuzzle.jp
www.chainswap.org
chanto.io
manager.chego.app
app.cloud-ace.com
www.codefutura.com
colinlarson.ca
www.contax.mx
dal.staging.admin.convercus.io
b2b.darwin.ua
test.devprestigeride.com
diversitus.com
early.cl
carreiramuller.educpay.com.br
egodziny.pl
dev.evolist.app
tweetmark.filleduchaos.com
parrysound.firepermit.online
flutteroiditservices.in
friend.loans
www.game-cradle.com
gloudi.com
gofeds.com
app-dev-v2.gospurr.com
www.grace-lounge.de
haruirotakamatsu.com
pat.hcc.links.healo.app
dev.healthread.com
reptile.heydanhey.com
highschool.my
hoianbasketboat.com
reuben.honigwachs.co.za
luungocloi.id.vn
luxaztk1860.id.vn
www.inovafit.si
www.quiz.jaksmok.com
davyrv14.jaredsolomon.net
jhonland.com
karaokist.com
www.lascalamalaga.com
join.longwalks.com
stg.mikoshi.io
mqdr.eu
japanese.nightcreationstudio.com
nyqu.ist
mksales.stuhhes.or.tz
unlimitedprinting.sandbox.orderprinting.com
oshi-colormaker.com
www.paolopasqualin.it
pfintools.com
phototuneai.com
www.plusonesolution.com.au
poppanda.club
qa-app.populi.ai
cdn.poradnik-transformacja.org
rc-online.reflection-method.com
www.roydenbrousseau.ca
app.senseweb.pl
www.sexy6.in
peppie.simontonsoftware.com
app-blog.smartcricket.com
cdvsmrlc5fhzfcnicphv.smartimob.io
novaxavantina.gerenciazap.smartmidiasdigitais.com.br
goldgym.sogafit.net
squireconsultancy.com
startrips.org
stepstopodium.pt
www.stlswing.dance
www.stockcontrol.cloud
www.stomio.io
strack.ninja
stubchat.com
firebasedesign.superlogica.com
tordle.de
research.valletta2018.org
auth-dev.valleypos.com
www.vicc.fyi
app.voiset.io
wavetotable.com
affiliate.websiteservice.co.za
signup.withyou.net
clients.woqoof.com
hclive.your.church
staging.zenport.io
Other domains in certificate