Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=calif.io
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 23, 2025
Valid Until
January 21, 2026
72 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
6D:9C:6F:59:B5:52:E0:6E:D8:61:A2:0D:E1:07:02:FF:60:D8:DA:CF:DA:95:DE:6D:35:22:51:08:80:05:6D:9C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
okdsc.com
11.typeforce.com
24.guntxjakka.me
www.abimanyucrackers.com
za.foresight.adgile.media
aimazing.club
appodiz.com
baccerboys.com
beanlist.io
sensefy.bolha.com.br
www.boostyoursuper.com.au
calif.io
www.carzo.in
covid19-trends.de
www.curtiscali.dev
cyberlabstudios.dev
www.daddyissues.club
link.dawn.ad
lnk.dawn.ad
admin.dosehelper.com
edenfour.tech
staging.edukamu.fi
clasificados.elsoldetlaxcala.com.mx
account.fabhand.co.uk
dashboard.fietskluis-app.nl
figueroaconstruccion.com
ip-client.fikilifadly.com
a0j7.foodle.su
www.getpassit.com
api.getsajdah.com
series.app.greengreyholding.com
harekrishnaarts.com
helpsoo.com
hugbug.io
test.items.page
itnry.com
uniben.hml.portalcliente.izii.io
widget-demo-sandbox.joinsherpa.io
jossie.io
tracklisted.jsnap.xyz
karahasantekstil.com
kavana.io
demo.kaynix.ai
kevincartersmith.com
portal.khalha-lk.com
l.kitaq-mirai.com
design-dev.logibud.com
chat.logivan.com
openquote.logivan.com
madadam.today
admin.minorganisation.se
monsrudopen.com
www.monstermaker.xyz
webapp.mpn.rip
msxpen.com
password.mukulrai.in
admin.mulle.ee
www.naturally-salt-poolaccess.fr
www.newartisan.it
dev.news24taaza.com
nghinchuen.com
nkansahsfoundation.org
www.nummels.com
oaktree.io
opencupon.jp
admin.pakhms.com
phoebe.philanthrosphere.com
app.pos-rest.com
prodyogikisol.com
printing.rcloud.dev
app.winecode.rdlabo.jp
reactradio.dev
www.revolucionfungi.com
www.robbieelias.ca
www.robotjurist.nl
connect-ng-widgets.rxoconnectdev.rxo.com
ryenmasters.com
psychiatrycare.sevaro.com
www.shoharab.com
simpl5.com
safetynote.sixbytes.io
soulhealth-bg.com
splashysprint.com
strangepunk.com
stratento.com
www.tearo.ee
login.terminal.io
phoneme-predictor.terrifiedofheights.com
portaal.tfh-holland.nl
vote.transier.family
tripclub.io
company.trophien.com
unikhire.com
mechanic.voyzi.io
valet.voyzi.io
dsaid.weyer-family.de
wospsuperszkola.pl
str.wyshlist.in
yanisilver.com
cloud.yoyco.tech
Other domains in certificate