Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=link-alight-dev.kujakuja.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 27, 2025
Valid Until
January 26, 2026
75 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
EC:25:55:AE:A7:08:AF:8E:A5:5D:E2:9C:80:0A:F7:16:BC:BC:E9:3C:C3:86:C2:DB:1D:00:FD:A4:0F:46:A0:43
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
seal.wtf
1nego.jp
management-ekimae.1smallstep.jp
sl-qa.abilitystack.com
allayselfcare.app
actdemo.anyware.software
appifyai.com
dev-auth.attractions.ninja
visuals.baeckerei-koebbe.de
bananafi.com.br
dynamiclinks.bearmeta.io
landings.bee-seller.com
beta.brusketa.app
bullmoosefn.com
centromedicoelvalentino.online
gsitegen.chestnutt.us
app.clever-lift.com
app.closedcaptioncreator.com
auth.cloud-latitude-dev.com
www.vill.co.in
www.prom-opecs.com.ua
www.corehcomunicacaodigital.com.br
cschatbot.online
www.dedicio.com
admin.dream-more.kr
d20.drzaius.io
lotusia.dsinstruments.fr
app.elysiuminsights.com
www.frontinafm.com
tooling.futster.io
gift2star.com
goldfreightz.com
gradefilm.eu
www.graycoding.com
quanly.guixenoibai.vn
hebe.guts.io
gymclan.com
www.harlentrucking.ca
www.heliojr.com
www.hicity.world
holdtotherod.org
hotelroyalgardendaman.in
auth.razamobilebeta.hotphonecard.com
ireallylovethissong.com
villagerio.isnan.me
link.jameda.de
joshuahill.dev
kindbeetle.ru
www.kotie.com
link-alight-dev.kujakuja.com
www.learnnow.today
www.admin.lendi.ph
lunadarkside.com
makemoredigital.com
www.marepsikoloji.com
app.mascotte.ru
dataviewer.maxwellpipe.com
links.maybe-paris.co
dev-web.minna-no-ginko.com
www.moltenpaper.com
functions.morgen.so
www.mybillings.co.uk
mythika.co
nexitence.com
nhchan.com
nicemonkey.studio
www.nubes-bridge.com
www.oathero.com
www.ondotgames.com
assets.ops-com.com
osteopatiaprimo.it
outdoorcoders.com
links.pandacomm.ca
pgm-connect.com
pigeonfiles.com
app.prime-massage.com
triggerword.privatepractice.studio
www.publichealthmegacities.com
www.rainbowlabs.xyz
rayfunahashi.com
sales.reevtech.in
relhero.com
www.rockstarwatch.net
www.rotadoctor.co.uk
barekraft.ruter.no
fireworks.search-maps.com
allah.slices.co
smccomex.com
apersonal.sogafit.net
sorol.ai
chicagofootballclassicshuffle.sqwadhq.com
chicagofootballclassicshuffleadmin.sqwadhq.com
fullconfidence.stratizant.com
sylverwoodflutestudio.com
tejalweb.site
thepartimer.co.uk
ads.visitdunfermline.app
wathiqoon.org
www.wavers.io
xpime.com
Other domains in certificate