Open
Cached
·
just now
75/100
SECURITY SCORE
Certificate Information
Subject
CN=www.pho3.de
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 03, 2025
Valid Until
February 01, 2026
82 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
A2:68:1D:6C:4B:E5:48:1A:09:B1:3E:00:8D:10:DD:EA:98:66:FD:5C:58:6C:2B:1E:45:B6:A7:BF:4E:32:8B:14
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
wellness-menta.ynet.co.il
5bits.it
ac-initiative.com
actualshitcoin.com
airtight.sk
blog.animus-surge.space
artafinance.com
www.aspire-city-districts.com
aspireacademyrw.org
www.atlat.de
backch.at
www.bittools.dev
app.brewerstage.com
brough.am
theculturelab.bytekast.io
www.carbsonplate.com
secret-society-staging.cardero.games
www.caylerchicks.com
www.caylershop.de
ranipet.citydroptaxi.com
www.coder.page
dev.tracking.lng.com.sg
www.cricinclusive.com
cyborg.social
portfolio.priyansh.datyal.com
despotdevelopment.com
digiwil.nl
www.dippysheep.xyz
e-club.space
ericandhayley.com
fakturama.pl
admin.fastfactslive.com
chartybot.fastfactslive.com
financialskills.net
site.fitoenergetica.com.br
flixic.online
organizers.game7.in
platform.gamtha.com
www.gichidog.com
meatton.go1pos.com
plastic-app.gocad.de
rms.hicity.world
app.historik.com
school.hoshmand.org
clubesaito.hrtech.com.br
huskysoftware.com.ar
www.jianan.li
rental.khareem.com
app.konwallet.com
app.lcmcnet.com
ledgera.finance
dashboard.letscooee.com
my.linkpad.bio
makaredet.no
www.mandal.page
member.staging.mason-fifth.co.uk
cambridge.mathematic.org
promotion.mclarenrealestate.com.au
minikal.com
mohamed.co.nz
www.msubeaverscamps.org
mtn-web-notify.mws.fr
vikk.my.id
www.myditation.app
gatoraid.hackathon.ncino.cloud
newhopeorphans.org
www.nyami.cat
one-international-towers.onugo.cloud
palmat-app.oz-tms.com
www.pho3.de
pixel-me.tokyo
potacia-onetr.com
beta.powertechs.us
valets.pro910.com
pronobisml.com
quantumworks.blog
www.reidaviresidencial.com.br
wordle.rfr.im
www.seankutash.com
slnvaluers.com
dashboard.snowmonkies.com
spexware.com
www.steelthreadconsulting.ca
bodamoralesdubon.swanmoments.net
alcoholzelftest.tactus.nl
tautech.com.mx
www.techntile.com
www.the365collective.com
tlati.com.mx
atlanta.tnshipping.us
demo1.tranzita.com
www.trooth.com
www.ummatan.org
link.upgradingdave.com
www.urielvillalva.com
utilhub.org
vincentkle.com
worlddata.app
blissapp.zamlern.com
link.zingbus.com
Other domains in certificate