Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=bntlab.cz
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 04, 2025
Valid Until
March 04, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
E1:B0:CF:FB:0F:E3:F5:1D:86:91:B9:5C:6E:9A:F2:2A:3D:4E:AD:EE:91:85:04:D1:9C:1A:6E:39:99:AF:F8:25
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
webtohyo.com
aecore-solutions.com
algebraistdates.com
passwords.anb.codes
antaluca.com
enrollment.artschoolsfbay.com
avatar-me.ai
dev.bidlogiq.app
bitpups.com
bntlab.cz
qm.docs.bondvet.com
brettwilliams.dev
www.cheapcarrentalvancouver.com
corraconstruction.co.ke
invite-meet.ktworks.co.kr
concreterush.com
datagrid.cl
de-velopment.co.uk
www.deepinvest.co
digitalfunnel.org
guesser.dijiti.com
video.discoverglimpse.com
dluxury.at
app.stage.doc.cr
www.dreamgyf.com
www.echitect.com
www.ioriente.edu.mx
platforms.elevationai.com
elisabethhreflexoreiki.ca
eprvmnt.com
www.esense-eegenius.com
club.esploravino.com
excelsior.domains
fanza-man.com
fastbudget.it
fayv.xyz
www.fieldfactsbaseball.com
financieramifortaleza.com
www.findmymj.today
app.finpic.com
dev.fudoma.com
applink.gamership.app
geogardenclub.app
sources.getarmada.app
gravityforcetech.com
greatcallcoach.app
app.helperplace.com
hotelberhamporelodge.com
instalp.co
www.jainsavar.com
jbdev.se
one-account.jkierem.com
www.johannfeser.dev
www.jugasalfutbol.com.ar
buzz-recruit.kayac.com
meet.stge.keap.page
www.kimoto.eu
lapanchinabrescia.it
lightglo.ca
lyta-sante.com
phasesofthemoon.m2catalyst.com
www.maestro4edu.com
auth.martinmorris.ar
kf-integration-test.marxent.cloud
mentarimedia.com
layout-dev.mobilizei.com.br
websitetemplate2.moxie.one
www.mrlokimonster.com
dash.nutriacademy.net.br
www.nlcdev.fr
www.okolo.it
palomind.com
www.paranormax.be
parkyypass.com
quattro.partnerhub.co.za
www.prescast.com
mult.quitapay.com
briowireless.recursyve.dev
hsjd.rflex.io
www.richardbound.com
www.santateresitacup.com
www.sapps.io
www.servicios-amr.com
dev.smartviewmd.com
applink.sportshi.io
www.staffinghrm.com
www.stottle.co.uk
svanespelet.no
help.tablechamp.at
app.theroxfox.com
thesofttrainer.com
todaytomorrowyesterday.app
www.tresdcs.com
www.trustonpolymers.com
portal.dev.uiclap.com
valentinasparty.com
vastumitraa.com
auth.google.viastream.com.br
thoaded.walberbeltrame.com
abclearning.wela.online
Other domains in certificate