Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=harishale.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 29, 2025
Valid Until
February 27, 2026
84 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
FF:CD:BE:FF:32:10:F0:CE:93:81:02:A0:30:27:EF:59:B1:67:37:1A:16:E5:21:A4:A2:29:72:92:B3:4A:23:DF
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
script-src; object-src; base-uri; +3 more
script-src 'report-sample' 'nonce-PubuhZ30P26RcFj15u1lDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
link.yselfie.com
10pin.app
www.acnescartreatment.ca
app.adarga.org
www.ai-factory.systems
alexandercgibson.com
news.animuscyberspace.com
beta.arkbreeder.com
dev-portal.sandbox.awellhealth.com
aymand.com
www.beloz.com.co
bestfileconvert.com
applink.bevisbytheo.com
cablesizecalc.com
brand.cleverrascal.com
auth-cobs-staging.cntxt.com
offers.mitsubishi-motors.com.om
corporate.cardata.com.tr
pro.medias.com.ua
browse.testv3.contentfabric.io
e.contract-jobs.com
curceando.com
www.danielscastle.com
blog.daybook.app
apphome-stg.ddangkongschool.com
deepwoodsfirestarters.com
js-sexpr.dephony.com
dh-vu.com
collection.dhygen.com
digishala.com
dismaferjacome.com
portal-hml.doctorclin.com.br
dreamsjewels.in
asmaa.e3lannat.com
emlabs.pl
www.circlehealth.eql.ai
static.fluence.academy
auth.fortneti.com
agent.fsocietysj.com
www.futurity.technology
auth.gardenr.com
rule-30.garrettroell.com
mt-dev-admin.geneowebapp.com
letter.geoit.dev
login.uat.getcredit.one
gfmri.org
gigvib.com
giperrone.com.br
giraffesarenotreal.com
fire.gorbotics.com
harishale.com
admin.historiaparaviagem.app
plataforma.hondurasdigitalchallenge.com
www.imperiumlarp.com.br
s.inteamchat.com
protean.jakeharris.dev
kloudxel.com
www.ksp-kalajoki.fi
legdaytoday.com
lunxtmedia.co.za
maxclickempire.com
staging.metstudio.net
healthcare.microba.com
www.micsel.com
minjooandtim.com
download.mobitazsolutions.com
yoshino.mtbpark.info
mysds.in
www.nginel.com
12daysofar.orangelv.com
www.outlearnapp.com
stage.parrofy.com
terminal-development.payo.com.au
www.philt3r.com
plunxo.com
www.primelistings.in
poistu.raha.fi
url.realresponse.ch
rietas.fi
saltyflights.com
www.samsonc.dev
iching.saycoo.com
baby.seikatsu-kakaku.com
settlar.com
www.shapeofrisk.com
university.sharly.ai
sildenafil7online.com
www.stayillusion.ch
swnfreebooter.net
instance4.tallyfor.com
www.tavaresplace.com
www.thaibasil-denver.com
timezonewiz.com
www.tramaserviciospublicitarios.com
www.ukeyyo.com
find-my-friends.uniq.by
links.unscriptedposingapp.com
beta.wwtb4m.xyz
yayhorsey.com
admin-gvw.yobeeapp.au
Other domains in certificate