Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=wordfirst.nowexalted.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 15, 2025
Valid Until
February 13, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
4E:C2:E2:6F:AF:DB:3F:EB:A7:A3:85:F0:03:0B:47:DE:7F:3C:50:FA:4A:D5:02:33:39:AA:8D:04:56:3A:AC:1E
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
reach.rapo.app
link.2zero.earth
abhisekkumar.in
barbeverte.app
hope.baseph.com
ben-wolfe.com
bronxvisioncenter.com
alunos.caioizel.com
www.chess-adventures.com
www.chrisliebtsoftware.de
cjlws.co.uk
cdn.talkida.co.in
jsdesigns.co.in
fridamani.co.tz
codelab.codes
connectme.events
crbalconesdelacarolina.com
auth.crossedwords.xyz
www.cslewislive.com
csm-vrchlabi.cz
dashboard-dev.dahua.ai
darpan360.in
admin.delavisreliance.co.za
gerencia.despertame.org
app.digestly.ai
my.digitalagenda.app
admin.dobuythai.com
x10dgm1mg2q.easyapp.co
www.econblockchain.com
fairways.ltd
games.fandance.ru
chat.figueira.cloud
firstfloor.site
www.flamelink.io
globalberries.cl
gps-nakaji.com
pay.commerce-vision.gr4vy.app
www.gynmarketingdigitals2.com.br
link.hairmake-theater.com
hangtok.com
healik.ca
helloyobo.com
www.hoteldonjulios.com
iatelecom.com.mx
lkqa202416845.id.vn
my2417070.id.vn
indumentariabsport.com.ar
comp3120-2023-c05.jayenashar.org
jejakkecil.id
www.kimsdentalcare.com
kuczynskitrenuje.pl
kyleglasper.com
libcyberarm.online
www.lociai.jp
lodege.com
malcanarchitects.co.za
market-link.shop
mathpros.org
mdpx.xyz
www.mediloc.ma
www.mlcl.be
disil.my.id
nebikiquest.com
www.neomatixlimited.eu
wordfirst.nowexalted.com
ono.ma
ourlocalvoice.org
www.ourlocalvoice.org
palamarta.com
www.paweljonik.net
profeduconcept.ro
www.readthis.store
rideers.com
www.safar-e-ibadat.com
sandboxsampler.com
www.shovalfrymer.com
www.silas-froehlich.de
sphenome.ai
spiritpixels.in
www.spiritpixels.in
sportlaan.in
admin.standyroutes.com
www.swiftsteeds.com
www.szmr.co.jp
taniyakamboj.info
www.tars.kr
technoworks.com.br
tryitout.co.za
howtopay.uzhnet.com
vexasystem.com.br
app.vrtuos.eu
app.wakeupwarriorchat.com
app.webacus.dev
directed-attested-webui.labs.websheet.io
sl2025-webapi.labs.websheet.io
unicurl-v2.labs.websheet.io
wedge.labs.websheet.io
agent.wizonchain.com
www.yaniham.com
yudev.live
Other domains in certificate