Security score: 77/100
Certificate Information
Subject: CN=www.heilpraktiker-heitersheim.de
Issuer: C=US, O=Google Trust Services, CN=WR3
Valid From: October 24, 2025
Valid Until: January 22, 2026 (71 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: 8B:90:89:59:1B:E0:A8:43:80:59:25:F4:3A:1F:B4:0E:B6:30:C3:81:03:C0:B0:6B:7B:0C:44:68:64:BD:D3:06
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (header: status)
Strict-Transport-Security: Present (max-age=31556926)
Content-Security-Policy: Missing (Not configured)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured: any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains