Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=sledmass20202021.ondagoapp.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 21, 2025
Valid Until
December 20, 2025
35 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
73:D8:95:DE:DE:10:EB:FB:2E:F0:4E:91:93:DA:D8:E3:F5:46:72:50:F6:69:47:A0:8E:A9:6B:D9:A3:15:A1:1B
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
signalflare.app
gdf.admi.com.ar
laurarasulo.admi.com.ar
trasladossls.admi.com.ar
adwokat-jurczak.pl
ops.airhopping.com
akvotech.com
alfaphysiotherapyclinics.com.au
alpageorzival.ch
www.alperemre.net
traxometro.alynva.com
bolco.ap1.com.br
apphause.co.uk
asahichemtech.com
app.barfordgolf.com
invest.bitfog.co
www.blisskart.in
admin.carteiracliente.com.br
cenergia.es
firmadigital.cetys.mx
link.knocks.co.kr
web.moru.com.np
www.tsi.com.vn
eco.consumer-rights.org
www.craytos.jp
www.qa.crewchiefga.com
hangout.dibarto.nl
www.doiteduscore.kr
www.enderboz.com
bestellen.engelgrill.de
cyber.firedino.com
galigro.com
rendix.gennarodifiandra.it
gergana.dev
staging.getjayde.com
ggwpaid.com
gibox.hu
www.goudsmit.nl
hartmood-music.com
app.ikbi.co.za
www.inbill.com.au
demo.increibleapps.com
itch18.xyz
www.justplaycr.com
www.jym.lv
northtamericatestdec2021.kanto.co
apps.koffeekult.com
kshirabdhi.com
escamun.lapieza.io
www.limesender.com
radarsiscomex.log.br
madshadow.games
dev.metagladiators.co
mindelhotel.cv
www.monapeak.com
movinsas.co
about.namba.design
ifood.namba.design
ingresso-rapido.namba.design
others.namba.design
rapiddo.namba.design
sympla.namba.design
works.namba.design
t1catv-csm.cns.net.tw
www.nexsembly.com
motivation.nightcreationstudio.com
www.notnot.se
sledmass20202021.ondagoapp.com
www.oppgaver.net
www.pattrasm.com
www.pdkalip.com
ptechpeople.net
pos-staging.pubq.se
www.rapid-dimension.se
revolgy.eu
tv.ricardosandez.com
driver-app-admin-staging.rida.ai
ruditsa.ru
admin.safeshepherd.com
scheduledplans.app
scotthollifield.com
edge.sherdeepai.com
personal.slashnext.cloud
www.spfweb.com.br
www.streetdancetraining.com
www.stridhaga.com
www.szoljonrolunk.hu
taktasimov.ru
maintenance.tatiage.com
accounts-dev.tiime.app
stg.t-port-admin.tmls.jp
tridentbuilders.in
admin.trustmile.co
ufos.lat
c.unce.jp
unnfold.com
vancouvermedspa.ca
wiwo.com.co
www.zendkit.com
www.onehub.zodinet.com
Other domains in certificate