Open
Cached
·
just now
89/100
SECURITY SCORE
Certificate Information
Subject
CN=www.onspecials.ca
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 07, 2025
Valid Until
March 07, 2026
52 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
D2:6F:40:08:89:57:75:27:6E:7D:5B:B3:F6:21:AD:AF:AB:86:AC:F9:34:A3:35:CD:34:A2:8D:14:B1:A0:05:DA
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Content-Type-Options: nosniff
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
godaddy.com
awstrust.com
comodoca.com
sectigo.com
amazon.com
amazonaws.com
globalsign.com
amazontrust.com
pki.goog
; cansignhttpexchanges=yes
Wildcard CAs
amazon.com
letsencrypt.org
amazontrust.com
amazonaws.com
comodoca.com
awstrust.com
globalsign.com
digicert.com
; cansignhttpexchanges=yes
pki.goog
; cansignhttpexchanges=yes
Incident Reporting
mailto:[email protected]
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 11 CAs - consider limiting to only the CAs you actively use
Subject Alternative Names
100 domains
sta-wlab.com
dev.feasibility.cmcnetworks.28east.co.za
joy-sectional-config-test.3dcloud.io
app.adniter.com
aggisoft.com
aipathfinderllc.com
amystic.center
dcf.applogic.in
links.ayu.health
complus-billing.backslashdemo.com
www.banyardifa.co.uk
choco.bastien.pw
becometrue.tw
web.blind-tasting.app
www.borrowapencil.com
caoshouse.com
www.sgn.com.do
www.woopetz.com.tw
app-dev.commnia.com
copycut.it
www.cueup.app
www.davidgranado.com
beheer.despil.eu
cdn.diamondtour.vn
dresshere.com
jfrn.drtis.com.br
www.dyno.jp
dzmcp.com
e22915.online
eati.games
baruch.etraderex.com
explorr.app
ezakky.com
beta.f-7.io
fluxusestates.pl
framenudge.com
www.georgiaproud.com
getelogic.com
uat.mobile.gigzlive.com
gkaru.com
griffinwallet.com
grupal.es
www.guildofpitmasters.com
admin.hassakueng.com
devpharmacy13579.healcard.com
inordine.cloud
israelwikipedia.info
janainamenezes.com
www.kritikasoftware.com
utxj.lapieza.io
www.laurakominek.com
lifeisagame.one
linkshot.io
www.louiskishfy.com
mattbull.dev
www.matthias-schmid.de
links-staging.meetnorth.com
bgm.meinevitabilanz.de
nft.melon.ooo
www.midwestbros.com
www.muffut.com
www.nicholashucal.ca
www.noahtaher.com
nutrineo.app
dashboard.olivier-simonneau.fr
www.onspecials.ca
test.pantapa.com
www.paysintech.com
11521871.peerly.app
www.porroopenhat.com
www.qaruno.com
qiyfoundation.org
email.admin.qponio.com
www.quindiomagico.com
www.rasfinance.com.au
redboardun.com
rentiple.com
resilientepsicologiayconsultoria.com
uaball.rudigualter.com
filphy.seongkevinlee.com
www.sharingsoil.com
sparksz.sk
firebase.stevengoodram.co.uk
www.suzanoedrleonardo.com
t-oneeye.com
notaria.tallylegal.io
thesimpleclub.ch
app.travelloc.com
www.traversoft.com
trepez.com
www.trithos.com
mobile-dev.truckstop.com
visitct-staging.trueomni.com
www.unifytech.com.au
uplaunchbio.com
www.afa.upwire.com
www.valordoeuro.com.br
ithemes.vidhema.com
vowellsmarketplace.com
demo.zicoh.com
Other domains in certificate