Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=surat.poltekatipdg.ac.id
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 09, 2025
Valid Until
March 09, 2026
66 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
38:06:48:2C:F2:EE:F5:A9:96:44:D8:18:EA:D8:1F:62:EA:FA:D5:AA:94:D7:A6:EC:1C:BE:77:13:F6:3B:2B:CB
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
therencygroupllc.com
www.3weekwanderlust.com
surat.poltekatipdg.ac.id
www.adarshcodes.com
consumidor.telesemanoel.adv.br
www.consumidor.telesemanoel.adv.br
allandersquash.co.uk
dev.almushaf.net
alwadicleaningservices.com
amonsolutions.com
www.amrfamilycc.com
www.angelatarrance.com
angryjoesbbq.ca
aospguru.com
api.arakene.com.br
wallet-transfer-dev.astropay.com
atlantafoodhub.com
bahraineid.com
banglafighter.com
beaconccoop.com
to.beat81.com
www.beholdermaps.com
bergsneider.dev
dyl.bubblepod.it
www.bullecoliving.com
www.cargoexchange.in
open.changepioneer.app
admin.check-up.biz
www.chronicfilm.net
cibersys.cl
nayarabocas.clau.io
admin.softwarecareers.co.in
cosmicstudios.co.in
cognitedata.com
www.copynote.app
corwinandjan.com
dansinclair.ca
derinaexplorers.com
devamsinternational.com
digital-anomaly.com
www.dingn.com
admin241111.dlog.me
www.e-incube.com
edwinawariyah.com
fictive.app
www.genilson.dev
website.gloovup.com
discord.main.greenlabsvirtuallabs.com
www.gyronetics.at
hsdf.in
ipure.be
www.iqtelemetrics.com
expense.isurumsoysa.com
app.iventi.de
classkeeper.jacoblehenbauer.com
jakelaver.com
dev.jcuapp.com
jewelsafar.in
jonathancarrasconoriega.com
monproducteur.jorigine.fr
online.k-fleet.com
kaizenplatform.net
auth.kayna.cc
larcomlabs.com
uconstrurama.lernit.app
londonontarionow.ca
maamen.com
malayalihub.com
martacampi.com
preview.marteye.ie
maveninbehavior.com
www.mike.fun
nexotron.in
kivisydan-demo.opasta.net
www.openplay.app
base.optimasysdev.com
customer.hypenation.optimasysdev.com
overwriterobotics.com
www.passive-income.pro
cloud.pnv.asia
www.primosti.com.br
www.project9brewing.com
quartto.es
graph.rateballplus.com
www.recreationdevelopers.com
rent309kelly.com
saladhut.com
backend.sendafriend.co
iron.seramont.com
app.surgeonsforsurgeons.com
portal.telico.cloud
www.townhistory.app
bpmn.trailblazer.to
t3.txture.io
tylergordon.ca
udaaniitt.in
utter.fun
me.vitanote.jp
waqarulnaqvi.com
kangas.weup.city
Other domains in certificate