Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=brushwave.digital
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
May 17, 2026
Valid Until
August 15, 2026
76 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
30:5B:34:FB:BD:76:7F:A5:97:22:BE:74:B0:F4:F4:A2:05:66:72:CF:CB:DE:1B:E2:E5:16:70:DA:93:30:ED:9E
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
salestoutlet.com
*.salestoutlet.com
*.decimas.salestoutlet.com
*.na-kd.salestoutlet.com
*.philibert.salestoutlet.com
*.remote.salestoutlet.com
*.tous.salestoutlet.com
*.www.salestoutlet.com
55898.blog
*.55898.blog
*.mar5gr.55898.blog
61711.ad
*.61711.ad
91balloons.com
*.91balloons.com
96767888.com
*.96767888.com
968578.co
*.968578.co
boostvoiceformgroup.info
*.boostvoiceformgroup.info
*.ejrt64.boostvoiceformgroup.info
*.jrt64.boostvoiceformgroup.info
*.4n5mc0.boostvoiceformteam.info
boostvoiceformteam.info
*.boostvoiceformteam.info
brushwave.digital
*.brushwave.digital
*.lieepb.brushwave.digital
buzzant.com
*.buzzant.com
*.ftp.buzzant.com
*.access.canadaelectriccar.com
*.app.canadaelectriccar.com
*.apps.canadaelectriccar.com
canadaelectriccar.com
*.canadaelectriccar.com
*.connect.canadaelectriccar.com
*.mx.canadaelectriccar.com
*.rds.canadaelectriccar.com
*.remote.canadaelectriccar.com
*.remoteapp.canadaelectriccar.com
*.ssl.canadaelectriccar.com
*.ts.canadaelectriccar.com
*.vpn2.canadaelectriccar.com
*.webvpn.canadaelectriccar.com
cpa-bank.com
*.cpa-bank.com
*.app.dominix.sx
dominix.sx
*.dominix.sx
*.test.dominix.sx
*.bankofamericamortgag.erate.co
erate.co
*.erate.co
*.bgrnde.evolvetouchstormgroup.info
evolvetouchstormgroup.info
*.evolvetouchstormgroup.info
*.ibgyqwebmail.sharethecost.org
*.m.sharethecost.org
sharethecost.org
*.sharethecost.org
*.www.sharethecost.org
*.h9x43m.timecraftatel.com
timecraftatel.com
*.timecraftatel.com
*.cpanel.winsjackpot.com
*.cpcalendars.winsjackpot.com
*.cpcontacts.winsjackpot.com
*.m.winsjackpot.com
winsjackpot.com
*.winsjackpot.com
*.api.xaiio.art
*.dev.xaiio.art
xaiio.art
*.xaiio.art
*.yraktapi.xaiio.art
*.api.xn--168-1klj2o5b.agency
*.app.xn--168-1klj2o5b.agency
*.new.xn--168-1klj2o5b.agency
*.vc0iw9.xn--168-1klj2o5b.agency
xn--168-1klj2o5b.agency
*.xn--168-1klj2o5b.agency
*.api.xn--sutesisatlar-sdb05hda.com
*.backend.xn--sutesisatlar-sdb05hda.com
*.hostmaster.xn--sutesisatlar-sdb05hda.com
*.sandbox.xn--sutesisatlar-sdb05hda.com
xn--sutesisatlar-sdb05hda.com
*.xn--sutesisatlar-sdb05hda.com
*.zimbra.xn--sutesisatlar-sdb05hda.com
Other domains in certificate