Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.macherechair.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
January 30, 2026
Valid Until
April 30, 2026
86 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
30:17:F6:9D:84:81:75:B0:F7:25:15:16:7B:34:CD:15:8C:17:37:9A:51:46:24:A9:31:2A:70:72:A8:54:EF:5F
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
socipod.com
3bbfiberhome.com
agent.aginidhi.com
sys.aiminidoge.com
console-legacy.ampify.io
additivesynth.awakening.systems
www.barryfunenglish.com
www.bigskynil.com
bluepo.app
auth.brandcoretech.com
diary.brendanle.me
buerger-fuer-uns-paenz.de
www.carcostcompare.com
dev1.clicktrain.com
www.codemagicx.com
dl.collegedunia.com
impactportal.coralgardeners.org
staging.counselmore.com
diamonddroptaxi.com
www.diamonddroptaxi.com
www.drwilliamrscottscholarship.org
www.eastwooddigitaldynasty.com
www.ecohabitatbuilders.com
functions.eosn.io
evolve360events.com
www.exceltutoringwayland.com
www.ezonetechnologyllc.com
installers.fastsignsdev.com
oven.firebuilt.dev
gamesfarmllc.com
stream.goldenvoice.com
greenvalleyresortkhanvel.com
att.hpn.app
hrocberlin.org
humainvoice.app
indusedge.ca
www.infamy.dev
infinitecom.app
ismcorpprogram.org
juegashf.com
admin-stage.jugaadpk.com
kksurveyor.com
lettergrid.app
www.litethink.ai
lopezismael.com
auth.snake.lskel.com
www.macherechair.com
habit.maxyspark.me
advocate.medlifemovement.org
admin.meeplemeet.app
memoshoes.com
metricsci.com
auth.mockey.ai
www.monetaai.cl
moneymeter.app
mybuildspace.com
nationsdirectmortgagesettlement.com
colmena.net.co
tg.nicezki.com
onemvision.com
link.orbiapp.io
app.outtrove.com
www.pakathealpaca.com
palakkadonlinenews.com
xas.peer-ai.com
pezmix.com
phaztec.com
physofia.com
www.pianolessonsbradford.com
www.piggy.capital
planetarium.life
www.pmccksa.com
pokerbratsports.com
app.prior-ai.com
www.pull-repo.com
app.quizness.dev
www.rzealinc.com
sachinvyadav.com
santi-ago.com
sbautoservice.com
scavengerhunt.cc
shipnsource.com
p2p.simonton.app
www.skaelixadmin.com
origin-aficsor-publish.skawa.fun
dash.skll.app
stefansohlstrom.com
home.steindl.ws
stur.app
teatime.party
www.tennesseecollectionatty.com
thehunarhaat.com
thesciencecapital.org.uk
connections.tribal.app
vdms.storefront.demo.vida.studio
wcupacampsandclinics.com
www.wickedgardengnomes.com
xtradr.app
www.youhavegoals.com
www.zula.ca
Other domains in certificate