Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.matthew-hanson.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 17, 2025
Valid Until
January 15, 2026
54 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
8B:07:4F:56:6E:5D:B0:0B:D0:BA:6E:F8:5B:FC:EE:67:08:B5:E7:09:CD:8E:9E:F9:EA:A3:18:BD:22:E5:CE:06
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
thomasmorus.be
fabuwood-cert.3dcloud.io
dev.mobile.8hex.pro
aasicplastic.com
abiinteriors.com
app.adva.io
aedwardshuntington.com
aidenmhr.com
alnaseem-gardens.store
blue-dahlia.com
config.bmair.com
bnry.de
www.bongga.dev
campusquiz.de
app.carizz.in
cms.preprod.challengeacceptedapp.com
www.civfinder.com
clubvipvacation.com
www.cmgn.io
josh.wiew.co.in
musicapp.coolcold.co.uk
spolocnikseniorov.copacodu.com
cristiangarcia.dev
www.dassheep.tech
daysbeyond.de
dev-career.dena.com
metaclass.dens.dev
www.desertcrownrealty.com
webapp.dmvhealthtrainings.com
drumplusfitness.com
www.dua.life
e-mente.net
easyfi.me
www.eigopro.solutions
www.evelynbauer.ca
familiar-app.evisjap.co.jp
freshchat.xyz
futdate.app
gevents.it
peerspace.greybluash.com
www.hbhub.in
comparison-sandbox.homebox.co.uk
admin.joinstack.tech
www.jost.dev
www.konohakoders.com
www.linfieldfarm.info
lolagarden.com
www.lolagarden.com
www.masterdis.us
www.matthew-hanson.com
www.memaree.nl
www.mercadorural.ar
www.michaelmund.ca
montagnetv.com
hashtag.myrealfood.app
www.notaspampeanas.com
omwarchive.xyz
onlydev.co.za
www.ouitherapeutics.com
outharm.com
peacefulcreations.co
app.pecurasystems.com
relxer.piticommerce.com
nexus.portfoliolink.co.za
pouchfreeapp.com
premierfc.tv
prismapinkfloyd.com
probuilder.ca
przepisomix.pl
www.purplebits.co.uk
qubitdna.us
rabelais.kr
riteshsaxena.dev
app-staging.rliable.com
www.royalone.mx
pwa-test.terangihakahaka.school.nz
actie.scoutingbladel.nl
sesau.ca
siamdoduang.com
spandaq.ai
ndhockeysendprizesadmin.sqwadhq.com
www.staige.net
sundayswag.co.za
syncomusic.com
app.talk.bi
tech-labz.com
teluguchurch.us
thresholdstudio.ca
timeto.work
member-gentei.tindabox.net
www.tintbolt.com
torokmuszakipark.hu
servicios.traquisa.net
staging.admin.turf.to
www.uamiguitos.com
urbanmusafir.com
vellalarmanavizha.com
course.vertexai.io
mobile-stag.vetzy.online
www.ynoor.me
Other domains in certificate