DNS Gurus
Cached · just now
80/100 SECURITY SCORE

Certificate Information

Subject
CN=home.nathanko.com
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
December 01, 2025
Valid Until
March 01, 2026 58 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
3E:21:BA:28:35:06:20:F9:D1:DF:94:2A:86:AE:DA:AE:C5:33:A5:11:00:6F:B9:AD:97:1A:64:DA:64:9F:16:4B
Alternative Names
100 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Configured (Restricts certificate issuance)
Current Issuer
Authorized (Matches CAA policy)
Authorized CAs
digicert.com sectigo.com letsencrypt.org comodoca.com globalsign.com
Wildcard CAs
digicert.com sectigo.com comodoca.com letsencrypt.org globalsign.com
Recommendations
  • Consider using critical flag (flags=128) for stricter CAA enforcement
  • You have authorized 5 CAs - consider limiting to only the CAs you actively use
  • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

100 domains
retasapp.com

Other domains in certificate

ahammouch.xyz
cards.aleyron.com
auth.annaeiriks.is
www.apfome.co.uk
legacy.desk.bilo.ba
firetv.blackdove.io web.blackdove.io
rse-depoche.bpifrance.fr
alocmap.byronsd.com
auth.cardlinq.io
classlabai.app
talles.closize.com
www.eilonby.co.il
sustainable.co.ke
league.sydatech.com.ng
www.kingdom.com.sa
auth.dev.cosmeb.com
poc.craftyourtaste.com
empires.danielmoniz.com
angulargpt.dantearrighi.com
l.desanti.it
www.dodgenburns.com
test-app-music.dwango.jp
everybod.com.au
fiscosistem.com.br
www.forty-seven.be
www.gardeninnsangabriel.com
collecte.gku-pkn.nl
www.hshgeneraltrading.com
cinemartie.hyo.dev
igloogel.com
www.inbio.me
dev-app-invest.influxfin.com
www.insightneuroclinic.com
isaryavatmal.org
www.jankalyan.life
www.jjuteachershealth.in
www.julianesja.com
eurolaser-fm.kalpas.in
selfiebackgroundcheck.personal.lifebrand.life
www.manyataenterprises.in
www.miqr.site
www.mollov.eu
www.mosilie.de
auth.mylove.fitness
www.natashaburman.com
home.nathanko.com
www.naveengupta.com
www.newchinaii.com
www.nexuside.com
downloader.nghokit.com
startpage.nicolasloontjens.com
www.ninjapuzzles.com
crossfit.nomad.works
notetxt.com
www.noteworthytuner.com
numbergraphics.com
numerise.com
help.slingshot.rd.nyt.net
oberonbrokers.com
obsolesce.com
oceanringtech.com
onedollarshoutout.com
optionvalley.com
orderuptoday.com
osmoequity.com
outerinfinity.com
outputstock.com
oyuntu.com
paligrammar.com
pandamg.com
mitienda-sucursales.pedix.dev
policarpoaconquija.com
app.rad-net.de
champions21.sbem.fun
sebcayet.fr
selvabankers.in
shiworks.au
www.dev.siftora.com
auth.smodin.dev
www.miner.soturimedia.in
soullaxmiartsstudio.com
dev.syncwell.io
tareasmanias.com
www.techilex.com
devlink.topconta.com.br
tycoonhamlet.com
ubumwecommunitycenter.rw
vasutas.eu
sandbox.veniceprojectcenter.org
connectid.verifymy.id
viaparis.info
vtgsynergy.com
xn--tvrbana-6wa.wiklandia.io
checkout.xanum.mx
xn--299a69z2mr.com
cullinans-joyeria.xn--adianteappsmxico-mqb.com
www.xn--h49a69zb7dtzkvrdxxn.com
www.xn--lnene-mra.no