Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=search.rit.services
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 30, 2025
Valid Until
January 28, 2026
54 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
65:08:3C:93:45:E5:AF:24:F6:0D:CE:AC:95:8A:70:74:C3:95:0F:6B:A4:5D:9E:B9:26:95:D0:B8:AD:89:C7:8D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
southernroots.in
abe1.com
acrilicosmexico.com
advenxa.com
www.ai-camera.app
user.allmylinks.co.za
panel.altscore.ai
anytimemoneyonline.in
articindigo.co.za
athmamanna.com
www.bellbytes.com
project1.benicio.one
www.bienenwiese-karl.de
admin.catalogos-rapidos.com
ccots.app
celenaut.com
certivox.com
dev-candidate.cnect.jobs
calmnest.co.in
www.colorleap.app
www.coredot.io
db-soft.be
mi.desdemalta.com
js.dfend.app
dreamnestconstruction.co.nz
dually.it
ordinidilavoro.ecoflumen.it
documentos.uniguairaca.edu.br
test.eta-technologies.com
schlauch-select.fierthbauer.app
gamemakeritalia.it
www.garny.app
acorde.gerenciaescola.com.br
geriatriacoracaodemaria.com.br
www.globalremodelingservices.com
gouvernance.app
www.halal.ad
core.hedged.in
howtomakefirstchair.com
ictjoobs.be
imagedesigntools.com
links.infiniteinfo.app
insidertracker.io
kamil-bobrowski.com
app.keeperflow.com
www.kisfali.com
lokakshemam.org
affco.staging.m2x.app
www.manage-it.app
dashboard.mean.pet
mergemate.app
metriport.ai
frm.mileseducation.com
open.mixgrid.info
assessment.nervaibs.com
x.sou.net.br
www.nisargd.com
www.njhomes.us
www.nlove.de
test.noline.dk
www.notolerated.co.uk
noxchat.in
onzenieuweenergie.nl
web.p3rkstudios.com
panama.pedidosmuinos.com
www.planet-do.com
auth.proximot.fr
admin.pruoo.com
app.quitapay.com.br
studio.riarkdigital.com
search.rit.services
saborastationery.com
www.sadiqqara.com
www.saranonewaytaxi.com
www.savordi.com
checkout.sicrux.app
content.next.siden.io
link.sitata.app
tudor.sky-boy.com
www.solon-labs.com
www.stepworldapp.com
demo.suyena.com
teamscheduler.io
alpha.teravit.app
the-tricktionary.com
www.thedowlinglife.com
app.thesmartflip.com
www.thesundewmall.com
vasavi.thirdeye.app
www.thryngabriel.com
tinttec.de
tunysnotes.com
ultimateblackhistory.com
wpmock.poc.unsproject.com
www.walue.app
wiehanvermeulen.co.za
workpermitpro.com
teachers.xqmath.com
applink.ykasandbox.com
youwot.co
Other domains in certificate