Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=askalyx.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 23, 2025
Valid Until
March 23, 2026
73 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
27:EC:BE:FE:3E:5A:B8:E5:97:70:13:35:3E:42:D8:30:90:6E:D1:C8:33:96:EC:A9:76:F9:A6:54:17:6D:C7:5D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Basic
script-src; object-src
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
rer-a.fr
arcade.0xrome.com
www.30seclearn.com
3druk.io
ahmetyb.com
akaitori.info
staging.admin.allefolders.nl
e-embed.almeraim.com
www.ashishsoni.ca
askalyx.com
www.atomcode.co.uk
bdpdc.com
www.belamondo.net
www.bostoninsight.com
app.brainjo.de
www.brightserve.org
bussinaround.com
bwgnyinterlimited.com
digifypro.bytekast.io
calebouellette.com
cando.consulting
citizenfinder.info
www.climateactionnarbs.org
www.clintonwalsh.com
lola.co.ke
cosfinity.com
commitmentwizard.csforall.org
cutcomment.com
www.d1fan.com
sym-ensemble.dev-ltl-xpo.com
developdenver.tech
cc.devmaycry.com
dibsorder.com
hawthorne.district.chat
dougheyedbaker.com
drw.ink
salarycalculator.ecare.nl
mobility-map.entur.org
eventa.id
app.exerscreen.com
fami.ai
frbs.feelsart.ai
geosanplagas.cl
staging.granica.io
hantus.se
hungkikim.com
www.ideotipo.org
auth.ight.io
www.imkerei-brandstetter.de
itspuppettime.com
jitic.nl
joyof.travel
keenuts.net
keeth.me
www.kevin-haustein.de
biv-dev.klarway.com
colostate.app.konch.ai
www.kreativepeeps.com
kuwais.sa
www.larskuijpers.com
mandalart.me
mandlowitztraining.com
www.maskot.io
dashboard.max-index.com
www.meter-meister.ch
microplastic.io
www.micuentodigital.es
mlba.io
mugibaku.com
plixelmud.apps.mutecolossus.com
apollo.n42.company
www.apollo.n42.company
onehyphen.com
www.leo.org.in
costco.parkalot.io
peresordenieto.tech
www.pierre-bocquillon.com
piggyride.org
piyelabs.com
poached.tv
www.product.pictures
app.qqlink.net
recexchange.co
qr.resourcify.de
www.rgb.au
nameit.sallmedia.se
panel.samneat.it
www.seattlebase.com
showmesuccess.us
www.smartcat.tech
functions.sparkboard.org
www.spoton-education.in
stage.ssmt.app
l.suerte.studio
www.szerepcsere.com
www.tecquiver.com
jolanda.tielens-aarts.nl
tradingview.to
demo.yelou.app
certz.zac.ac
Other domains in certificate