Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=macroandmarkets.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 21, 2025
Valid Until
December 20, 2025
39 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
B1:56:5D:84:48:E7:FA:BB:96:B6:FB:0E:79:9E:FB:0E:32:70:56:68:2E:42:2C:7A:70:FC:4A:D9:88:B2:EC:92
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
ready-fare.com
www.acolhersaude.com
www.aimoov.fr
alexshi.me
track.allridi.com
dev.anclement.com
wetterapp.arifayduran.dev
testing.bestathletes.co
riders.bicci.cl
www.bills310.com
www.blakezimmerman.me
staging.blur.live
www.bookingwarrior.com
finly-dev-links.bossmoney.com
blog.branmendo.tech
buttonsdyes.com
chooseday.app
www.christchurchindia.org
gdtli.co.in
coop1.grobox.co.ke
gentlegraphics.co.ke
tixhr-pulse.opensourcelab.co.kr
www.hotspacestudio.co.kr
register.codeconecta.com
www.cooper-data.com
cornellnote.org
www.corruptedchronicles.com
platform.damotech.com
www.typesomething.ddaaaaann.nl
www.dev.pattison.docmasweetspot.ca
my.enkept.com
executehub.com
www.ferienwohnung-martinshof.de
staging.firstroundgm.com
flowmodoro.app
www.foretriziere.com
admin-staging.fuelstreamservices.com
www.furasoft.com
gido-ferienjobs.ch
www.happy-pos.com
echohearing.booking.hearlink.co.uk
henninghall.se
checkout.ihengravidei.com.br
www.janes-forest.org
www.jasoncornish.dev
joha.io
www.katelipsychology.com.au
katkaamilan.cz
keiransnowe.co.uk
staging.web.kisi.io
www.kvetiny-mirka.cz
dev.logbee.com.br
loterica.link
macroandmarkets.com
www.morphosis.com
www.mubaraklegal.com
nemotech.vn
dataset.or.kr
cache.orchidwire.com
ospniezywiec.pl
share.oyucon.com
app.pacificgardensco.com
pasquale-e-luigia.it
app.passnaturalisation.fr
pixel-x.jp
stg-admin.propo.fm
blendaix.order.pulp.eu
m1.d.qikserve.com
reshailawan.com
www.robotzgaragescouting.com
www.rz.id.au
sahl.menu
factoring.seflink.rs
react.selimsql.com
natalrn.gerenciazap.smartmidiasdigitais.com.br
www.soheilsalimian.com
www.soumission-extermination.ca
campicar.speakylink.com
fprod.squadapp.co.uk
yeg.sqwadhq.com
yegadmin.sqwadhq.com
www.stevemaguire.dev
stockwise.io
cage.artintech.tableunstable.org
www.the-window.nl
www.torontolaserservices.com
tracupuncture.ie
oee.trepko.com
truhlarstvi-coreja.cz
write.uajh.com
www.vaancure.com
links.vasco.eu
verimail.io
veteran-acquisitions.com
www.virtualtime.co.za
wibce.net
yacelltech.com
dashboard.yumealz.com
empresa.zarpar.app
zzz.team
Other domains in certificate