Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.sandbox.gestio.school
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 21, 2025
Valid Until
January 20, 2026
63 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
0D:F7:F4:AA:9A:14:D2:0C:49:03:25:59:CD:52:21:45:52:F4:96:8A:01:CB:45:D8:23:70:99:97:00:A2:3E:C0
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
netherguild.com
www.africasunrise.com
retrocomputerword.alexdev.se
alister.dev
loppe.console.ameroservices.dk
angelclaim.xyz
www.apb.mx
atmacametall.com
search-it.belindawelte.de
bizce4islembolgb.com
www.brickwise.info
buildingahero.me
centromedicoelvalentino.com
keralapublicschool.co.in
annyeongkorea.cydratech.com
danielwegener.de
dentocarekol.in
world.digitalnode.com
dybev.uk
minesweeper.e-edev.de
golfgirlxo.easyapp.co
etrl-llc.com
ffmrewards21.com.au
dist.fontproofer.com
www.forogimod.dk
www.fundamentalknowledge.net
www.sandbox.gestio.school
mojefizjo.nfz.gov.pl
www.herzensangst.com
vetbro06.id.vn
inboxdl.insuranceinbox.in
portal.jicando.com
johnl.net
link.joinsherpa.io
jpg.studio
rh.kanoma.fr
kihon.fr
sales.kryptochannel.com
ladireccte.org
upjr.lapieza.io
lomitransport.com
loom.fyi
passportle.lordos.tech
manaspurti.com
app.manufi.io
konzepte.maxentwickler.site
clientuat.maxsold.com
renewing-member.memberwizard.com.au
mrandmrsduffy.com
munevveryokus.com
prod.noblenerds.org
nsfwdeveloper.com
www.nubofy.com
www.omkar.dev
dociddemo.onymos.com
link-stage.opesjet.com
pandarivercrossing.com
panomixstudio.com
www.panomixstudio.com
www.papabearstories.com
paramountmotors.in
paulkolesnyk.com
app.payprz.com
pear-cast.pearsports.com
magurobcn.pedidomovil.es
pipetek.io
www.pixawise.com
poochhooch.net
protostartrading.com
radoclock.com
www.redlands.dev
remoteduelcompanion.com
replaymirror.com
breakbreeze.servicechai.com
app.shopiness.vn
green.preview.shortwave-staging.com
www.shuttle-inc.com
skillikz.in
slurbs.net
laposte-app.speakylink.com
colors.stephengordon.ie
atapi.swish.nu
programadores.tgiserviciosinformaticos.com
www.thegentlemanstudio.com
thejewelleryshow.in
thestowellcenter.com
twilane.com
unccflowerhunt.org
ux-casa.com
varunpandey.net
lab.verve.lk
waitdone.com
app.waltr.in
wannabeyourdog2.com
www.whichplates.com
wikieducationtech.com
wize.nl
dev.yunfei.li
recipe-book.zacharyjbaldwin.com
robinhood.zhixiangren.com
Other domains in certificate