Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=liquidtour.com
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
May 19, 2026
Valid Until
August 17, 2026
83 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
73:5E:2A:F4:8B:0A:4A:9B:8D:FE:E6:00:A8:57:25:73:F2:0B:74:72:E4:C1:FC:4E:F2:DA:D4:92:FE:8B:86:C3
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
liquidtour.com
*.liquidtour.com
*.apps.liquidtour.com
*.git.liquidtour.com
*.qa.liquidtour.com
bjasc.org
*.bjasc.org
*.jenkins.bjasc.org
*.ww25.bjasc.org
buntre.de
*.buntre.de
*.hostmaster.buntre.de
*.ww12.buntre.de
*.ww38.buntre.de
cmarketing.biz
*.cmarketing.biz
*.play.cmarketing.biz
coffeegiftbaskets.au
*.coffeegiftbaskets.au
*.wildcard.coffeegiftbaskets.au
d2band.com
*.d2band.com
*.ww38.d2band.com
dfg.com.pl
*.dfg.com.pl
*.hostmaster.dfg.com.pl
*.magento.dfg.com.pl
*.modelki.dfg.com.pl
*.sex.dfg.com.pl
*.shop.dfg.com.pl
*.smtpauth.dfg.com.pl
*.staging.dfg.com.pl
*.www.dfg.com.pl
discound.de
*.discound.de
doksli.com
*.doksli.com
*.info.doksli.com
download4truth.com
*.download4truth.com
*.sitemaps.download4truth.com
edutypeing.com
*.edutypeing.com
*.random.edutypeing.com
*.ww25.edutypeing.com
generaltechno.co
*.generaltechno.co
jamesmjasper.org
*.jamesmjasper.org
*.dddd.londonroadcars.co.uk
londonroadcars.co.uk
*.londonroadcars.co.uk
*.n266mail3.londonroadcars.co.uk
*.website.londonroadcars.co.uk
mikroanlage.de
*.mikroanlage.de
*.meine.posdtbank.de
posdtbank.de
*.posdtbank.de
*.random.rentwise.com.au
rentwise.com.au
*.rentwise.com.au
roteaterne.de
*.roteaterne.de
sibulo.com
*.sibulo.com
*.admin.swing-browser.com
*.antiphishing.swing-browser.com
*.blog.swing-browser.com
*.estat-track-pc.swing-browser.com
*.m.swing-browser.com
*.search.swing-browser.com
*.sitemaps.swing-browser.com
*.static-pc.swing-browser.com
*.static.swing-browser.com
swing-browser.com
*.swing-browser.com
*.ww1.swing-browser.com
*.ww2.swing-browser.com
*.ww99.swing-browser.com
*.cloud.tencent.it
*.hostmaster.tencent.it
tencent.it
*.tencent.it
*.www.tencent.it
*.dwij7.tysonfury.xyz
tysonfury.xyz
*.tysonfury.xyz
xn--migrnebcher-o8a92a.de
*.xn--migrnebcher-o8a92a.de
Other domains in certificate