Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=vojtechbestak.cz
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 29, 2025
Valid Until
January 27, 2026
70 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
78:17:2A:2F:76:1E:46:9C:1D:EA:AE:2B:A9:AB:C7:BE:07:AB:23:20:8B:88:B7:D1:8A:17:4D:56:6F:D6:49:C7
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
comodoca.com
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
ssl.com
Wildcard CAs
pki.goog
; cansignhttpexchanges=yes
ssl.com
comodoca.com
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 5 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
100 domains
translam.in
abdullahaldeen.dev
app.aidcingenieros.com
akstudioz.com
www.alsaribroast.com
finance.andychien.me
www.andykarwoski.com
www.apprutanaturaldelriotinto.com
astrowebs.com
avsemprize.com
bankball.net
gbfs.basis-development.bike
blurail.tk
netflix-clone.boostemaboite.dev
admin.caramora.com
cinnabon.clau.io
poker.cloudparker.com
kidsattractions.ynet.co.il
danidepiero.com.ar
apps.davidkratochvil.com
dev-z.eu
link3.dragonacecasino.com
elsalvadorgps.com
hopper.html5.emallstudio.com
www.entityauth.com
stockley-portal.equiem.mobi
monitor.qa.fynchmobility.net
galaxymenu.xyz
gogobitsinc.com
www.gruasulivarria.com.mx
software.helperstudent.com
e.himilanrhofair.it
links.hold.io
auth.homehabit.app
www.hubnerdev.com
immigrationtax.net
spartansbgc.impactwrap.com
abdi.is-a.dev
myominhan.is-a.dev
itsltd.online
www.jamesnicolbooks.com
builder.jayjs.org
jessbellatti.com
junebeecartoons.com
www.keisanghr.com
kharlouskaya.com
virachathub.kkworld.in
slapp.logcgt.com
clubs.magic-form.fr
maths.builders
mattreyn.com
devapp.meny.dk
instashopbahrain.merai.ai
www.metafor.space
gs2gc.metropolitan-works.com
www.minicarbakker.nl
mocoyoyo.com
dlweb.munily.com
miplan.mymoons.pe
run.naepo.xyz
naszeczytanki.pl
numenorgroup.com
pasteleriaamada.es
staging.pages.payaca.com
sfconnectapp.peplink.com
avatarmaker.pepp.in
go.petiukh.com
app.pluhg.com
app.sandbox.pololentes.com.br
app.quoteninja.com
www.radekmarcan.cz
www.reach-tech.com
france.api.ridedott.com
testurl.rxmxcorp.com
saascadetech.com
sainiphysios.com
sampleideal.com
monitoring-test4.vks.secom.jp
shepherdathleticcamps.com
shinei-sharyou.com
www.shinewellnessventura.com
skanelag.com
play.slowed.app
www.smedmann.com
sorachalet.com
traact.soulloop.com
console-live.spont.cash
iteq.stackup.design
tambolabook.in
peter.team7.io
thwoo.party
www.trinch.ca
udel.ukantu.dev
share.staging.ultronar.com
portaldemo.vendorbadge.com
www.vipulrojasara.com
vojtechbestak.cz
writersolo.com
forum.yolov5.com
auth.zingroll.com
Other domains in certificate