Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=hato.lumisar.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 10, 2025
Valid Until
March 10, 2026
49 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
6C:64:C9:27:66:3F:71:68:ED:2C:2C:25:76:68:90:C0:13:F4:8C:48:85:D8:DD:7F:84:53:06:9D:C4:AE:3A:AC
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
comodoca.com
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
ssl.com
Wildcard CAs
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
ssl.com
comodoca.com
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 5 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
100 domains
redrive.com.br
www.ad4en.com
metability.agilite.io
airso.ru
calatayud.akibaa.com
allotone.com
www.allthefood.app
andrewperkins.dev
aniwatchapk.download
statistics.apcouleddjellal.dz
sigma.orsima-opzak.appdashboard.nl
artsu.me
athorivos.com
awebber.info
buixuanhanh.vn
casaflordesal.app
www.catobranco.pt
chair.app
www.charlesjewelerstampapalms.com
sbitgpspoint.co.in
accounts-developer.combustion.inc
www.completeenergyne.co.uk
www.divestudentaid.com
fairyexperiments.com
web.filipina.app
gardencitycarpentry.co.uk
obabuild.glueware.dev
gobus.vn
gowfh.com
www.greenlightprint.net
www.happyprogram.org
hoepner-dachfenster.de
cms.holidayinfinite.com
hominid.us
www.cmc.ics-digital.com
intellipick.eu
cochesegurostone.inter.mx
multiseg-log.ipolitus.com
www.johanbissemattsson.se
www.kevinboekhoff.com
khachsantungduong.com
ki-hub-bayern.org
mcsa.kro.kr
www.krot.app
lampadaire.ca
phasmo.lotai.xyz
hato.lumisar.com
madeinafricafair.live
www.maimarae.co.nz
promocion-greenpark.metroarea.com.co
www.minimumviablepython.com
www.minmaxxing.com
link.mrfox.app
pic-sazka.mentor.neccton.com
neilarora.in
nitramis.com
oneononeviolin.com
www.originsme.com
thewritingdev.paperwebsite.com
qiagen.parkalot.io
parkrunthailand.com
app.paycloudafrica.com
ribes.pedidomovil.es
analytics-stage.pixis.ai
platcenter.com.mx
poovarkingfisher.com
www.premium-cup.de
www.promptflowai.app
dev-admin.propo.fm
www.pwnasaurusgames.com
www.radarcrate.com
roofhq.com
www.s2ptechnologies.com
scarapp.com
ombroscope.sgibout.com
www.shubhamchawre.one
snecompany.com
app.soppkontroll-app.no
www.soshine.app
app.spotshot.me
survey.startflourish.com
symyoosafety.com
fitness.syoung.fun
asvf.t3i.fr
app.teamo.io
ternality.xyz
cue.vixi-qa.thefamousgroup.com
tindungthongminh.com
www.tmstream.com
gestion.trademastertransactions.com
bestellen.treffpunkt-grillhaus.de
app.demo.univacity.com
docs.victorpuga.com
www.vivialearn.com
www.waded.org
webglobalautomations.com
devlive-innovation.world50.com
www.writeon.io
www.xen-edge.com
yurki.dev
Other domains in certificate