Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=xca.pe
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 20, 2025
Valid Until
March 20, 2026
85 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
1C:93:25:7D:7A:7A:B3:BC:79:A9:C3:04:45:1D:86:9A:B9:0B:85:1F:F6:57:77:78:B6:0B:1F:5A:A8:9F:A4:23
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
sayedu.net
2040.im
test.adambridges.ca
circles.adva.io
aizone2.pro
blog.almeraim.com
altriconsultancy.com
www.anotherline.nl
www.assertionaccounting.com
bookmypharmacy.com
bytakora.com
www.certifiedtrue.co
roji-no-chabako.chaai.info
www.chennaicalltaxi.in
app.chewins.nl
www.chrysalyst.com
citycenter-dental.com
cleverblocks.io
fe.dev.codra.se
paylink-uat.apdbank.com.kh
dailydentist.ca
definitiveinventories.co.uk
devengineeringlibrary.co.nz
dive.bio
donaldposkitt.com
admin-staging.driverguide.is
www.e1group.net
colegioatid.edu.mx
dashboard.estatesync.com
eterkit.com
exp-ai.com
demolink.fastesthealth.in
flutterdude.com
login.forbes.com
beta.foundershield.com
sdk-wuolah.froged.com
www.gdmesas.com.br
m.giddy.co
series.gmph.co
portal.greaterheightssch.org
group-reading.com
gunespeksen.com
app.guri-tech.net
havasuoffer.com
admin.auction.holmasto.fi
howfastdoitype.com
hushhushgali.com
ar.staging.illust.space
corinna-chatbot.innfactory.de
www.ipbatossjc.com.br
qualicliente.dev.portalcliente.izii.io
www.kerstnachtdiensthasselt.nl
calculator.khinfosoft.com
koomzo.com
link-ai.co.jp
www.livestreamsvoortheaters.nl
portal.mandy-app.com
www.marcellaza.com
mariatech.io
app.marimole.com
massiva.sk
mech-key.com
mediafinanciers.com
add-dev.meeter.de
www.metalcort.net
monadox.tech
www.motoveapp.net
www.napes.co.uk
newspace.im
njtravel.nl
www.objektia.se
wine.advisor.app.omnisense.io
issuelog.pacificrimgc.net
old.pack744.com
pamoteam.com
partiallyrekt.com
pedefacilsolusys.com.br
booking.plus3trainings.eu
www.portail-restaurer.ca
nozulu.bookings.ratality.com
rentafi.org
sahilhpatel.com
salus.sh
www.sam-harris.co.uk
savvysale.ca
sheqprac.com
showlife.app
www.sliitfoss.org
www.tcitl.in
testingyvr.ca
theweekendwarriors.com
www.tridax.lk
www.ubicuo.com.ar
www.usdtea.io
dev.widget.vestico.co
uat.voicex.vn
cdn.es.voxelmax.com
engage.wdsra.voyagernetz.us
xca.pe
tule-fb.yushakobo.info
Other domains in certificate