Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=krewinkelkrijst.nl
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 06, 2025
Valid Until
January 04, 2026
45 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
0D:6A:B5:73:3C:44:A2:F6:B0:76:C9:6B:AD:06:0C:51:51:D1:80:B4:7D:99:0D:CB:26:6B:13:2E:2D:01:A7:3D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
matchmania.io
activeimage.io
homephysio.activlife.my
norma35.administracion-360.com
monge-seguros-dev.affinity.do
akw-it.hu
anderbolt.com
c.animemo.id
askyourexcel.com
url.balatin.de
www.baseed.co.jp
beyerspark.com
sccschwerinvolley.deeplinks.bfansports.com
www.bigbunbudget.com
app.biglittlethings.de
blessig.net
chicagomandir.org
campuson.childcareon.com
spectrograph.chrismitchell.name
investorportal.cinde.org
lms.paypam.co.il
hitechglazier.co.th
sales.constantiaedge.co.za
www.curling.gg
dancechaos.com
dodd.ly
www.domobile.com
cl.dope-zine.com
hub.doc.eluv.io
runner.nerf.emallstudio.com
test.finvari.com
www.fitatgo.com
www.fruitz.io
www.getsunrunsolar.com
acc.gfc.io
admin.golfinity-app.com
guid.party
h2financiamento.com.br
haiset.cz
harleybrito.dev
demodata.immodigi.app
is-my-baby-ok.com
www.online.itdsport.pl
www.itsjennifer.com
fort-x.jdriven.com
app.jnyt.io
apps.kaps.es
dev-auth.neuron-dev.keurig.com
krewinkelkrijst.nl
www.ksvsteamengineers.com
www.laser3000.be
lastclass.io
www.lyfezen.com
cljs-live.matt.is
www.mehmetyz.dev
stg-app.minna-no-ginko.com
minute-log.com
demo.mobilenext.eu
r.mola.fish
create-test.myplayer.io
organicvegetableapprenticeship.org
pesqueja.com.br
www.pista8.com
www.playchess.page
quickstats.ca
link.radost.digital
reignalter.world
incident.dev.responsetech.ltd
app.scalenda.com
ticket.selfparking.com.br
www.silvestercountdown.com
staging.skrilla.com
www.slabclimbing.it
auth.slappy.life
slavko.dev
provider.smartway-ksa.com
www.smartway-ksa.com
my-home-qa.sophos.com
sourceoflifechurch.org
lutrivia.sqwadhq.com
www.stephenprabhu.com
www.stuartrestaurant.com
admin-bookings.swimfortri.co.uk
suitescreen.tapacenter.com
tesladiscount.net
thecolorfulcase.com
app.thrill-in-love.games
thwoo.co.jp
www.tieple.com
www.timandrisa.com
www.tivvit.dev
www.tscsteps.org
login.u2paycash.com
valentinapilates.com
hetzner.varahealthcare.com
www.vocesdelamemoria.com
wide24.ru
www.winner-english.com
renting.yazeedsabil.com
integrate-dev.zectyr.com
Other domains in certificate