Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.nestenn.mu
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 28, 2025
Valid Until
December 27, 2025
45 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
1D:9E:DF:80:15:88:47:6C:94:A1:C3:14:7E:A8:9F:1C:7E:66:70:5A:E7:0D:52:00:EF:53:74:9A:34:D4:92:48
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
nitank-app.oz-tms.com
www.757kingsley.com
fb.swayam2.ac.in
tr.ac.th
ackee.cz
aiqrix.com
sales.aiqrix.com
aitracka.com
anqunix.com
smartlabels.armilis.com
staging.beyondview.com
app.bizvangelist.in
membership.blisscarwash.com
saikku.app.boogiesoftware.com
bsovi.com
trip.buja101.com
www.bwkrising.com
caryswedding.com
www.casanovasbarbers.co.uk
www.casraf.dev
centralharmony.llc
www.cidevelop.com
careers.dev.clevateam.io
clinicapureslim.com.br
rathods.co.in
www.sivakasiudhayamcrackers.co.in
coresys.app
cyberward.games
www.data-i-consulting.com
www.dicomtransfer.solutions
www.diegoveloper.com
chris.dziemborowicz.com
www.earlyname.com
www.games.eldrgames.com
app.enolve.com
www.expansiverse.com
studio.f2bportfolio.com
fabiendorey.com
feteducinema.com
fixitfile.com
freshwindsolar.com
frogsnack.com
gccdigitals.com
germangalaxy.com
nft-ticket-dev2.getlychee.link
ginbi.com
www.gismatrix.xyz
style-transfer.golightlyplus.com
www.hall-eng.com
harryrismananda.site
hdzfirm.com
hidesideinteractive.com
hyets.com
iliketrackbikes.com
imagineinkdesigner.com
www.ivantutor.com
jamesehly.com
jaredhu.com
jayantjha.info
jobgibraltar.com
www.kaime.info
konnectedly.com
launchhe.ro
hamburgaochips.lupi.delivery
mampaniltechscape.com
www.mdln.tech
menagechef.com
morethandragons.com
muhammadakbar.online
harmat.n7cloud.com
nesdc-event.com
www.nestenn.mu
www.pikup.in
priftt.com
prrbuilder.com
raggable.com
tools.rezonant.dev
ryanzhou.com
snowdog.io
www.solitaireonline.org
app.prod.sparqz.io
aircall-app.speakylink.ca
api.specpal.dev
staging.api.specpal.dev
beta.spotchat.com
www.landlord.stays.ai
suachuatiendat.com
www.szkolawzasiegu.pl
tanq8.com
www.theinventors.dev
thumbrai.se
geo.tim.fi
tkuw.net
trivia.wang
auth.urbanlyf.com
visroi.com
admin.xr.wec360.com
en.wumbox.com
preorder.wutmanintu.me
lib-blog.xrikk.xyz
Other domains in certificate