Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.theherbaldigest.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 16, 2025
Valid Until
December 15, 2025
33 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
EC:30:29:8C:54:E7:29:BA:FD:32:F6:B7:09:D8:BA:D1:AB:28:9E:45:C4:5B:24:10:4F:84:69:29:75:B7:6B:5D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
samyush.com.np
www.3-way.it
react.5degree.in
ajmotor.net
www.aucitizenship.pro
braverat.online
chocolates-egology.shop
fairbridge.co.zw
www.bhgroup.com.pk
www.cavcoffee.com.vn
cpost.io
www.crir.net
www.crunchycashews.com
cubixpanel.com
lp.curae.jp
www.daxtop.com
vn.dnc-automation.com
calendar.pathway.edu.vn
bv.enercred.com.br
ffi-firebase.link.test.fintechx.digital
fyne.studio
gewinnspiel-lederwarenacker.de
www.goblitz.us
mayana-dev.gupshup.io
qa.gwaapp.org
id.healthcenter.vn
heartheaded.de
hlss.jp
www.hogwarts.mp
hossfeld-weber.de
ttict.id.vn
investorverden.dk
auth.ironsteadlabs.com
s.dev.isp.mo
www.jarmos.fi
trades.jenceo.com
jesmok.xyz
www.jesuisfidele.com
staging-roles.k-9apps.com
www.kaamelott2-seances.com
md12.live.kari.network
dl.letsreto.com
luciayemilio.info
www.lulsoftball.com
sushimania.lupi.delivery
maison-aimard.com
www.maison-aimard.com
suvo.masstechbd.com
medsaver.medihelp.co.za
account.meverifyng.com
moliereexpress.com
muslimunitedvoice.nz
www.muslimunitedvoice.nz
najoomi.ai
vivabemagora.net.br
control.nextgen-studios.com
club.nirelcr.com
openforprofit.com
tictactoe.orbamsterdam.com
www.goracacegla.org.pl
app.oslobrassfestival.com
paulandchester.com
www.peppyneuron.com
www.petroservice-sdm.ru
punyachadabewala.com
qbitzone.com
rahatrapor.online
reachblueline.com
catalog.regalfireplaces.com
app.remunera2.cl
rmo.io
romandoing.work
rpfunding.co.uk
www.rsapps.org
schoolsigma.com
www.schoolsigma.com
scribaly.com
seallogistic.in
old.sebdoe.com
showly.in
shubhplasticsindustries.com
slates.co
songlines.app
studywithcharles.com
agent.dev.t-soft.io
music.teammochi.com
lrconsultoria.tec.br
garmin.telethonudine.it
www.tge.fan
www.theherbaldigest.com
theledgerapp.com
theonetik.com
ref.tiande.ru
u482.net
ubzcreative.co.uk
app.uzinduziafrica.com
valimismootor.ee
www.whenstarsalign.net
www.willburgis.dev
pro.zunavish.com
Other domains in certificate