Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=itaituba.bioponto.sistemasnemesis.com.br
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 13, 2025
Valid Until
January 12, 2026
62 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
12:63:7E:83:0B:7B:38:E9:BF:C9:AE:0D:D9:AA:62:BD:21:B1:B1:6D:14:FB:39:0B:FC:63:F2:35:7E:29:B7:B8
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
wellnessapp.simpayx.com
11521831.peerly.app
affiplay.com
aipine.de
alley.biz
odonto.apis.ar
split.apptohelp.me
modeler-test.atrigam.com
www.avkempen.be
ayasca.net
dev.balin.app
www.birminghambanglatv.co.uk
swap.bomb.exchange
brandonsimon.xyz
www.brockmann.one
brouhaha.ai
brux.design
carbonsaltclean.com
www.carletonweb.co.uk
citizenjournalist.org
deeplink.clickfarm.vn
clinbench.com
www.clinbench.com
covid.webwise.co.il
diprom.weget.co.th
www.dalia.digital
docs.connect-platform.dataggo.com
deep6.app
firebase.deveo.dk
colab-life.dgsys.com.br
signagio.easysignage.app
www.egp.vn
www.ekenedilichukwu.com
asistencias.escuelard.com
brewfalls.experiencesiouxfalls.com
ffcspro.me
spynda.filipmiik.cz
www.finbud.app
gdjs.foodle.su
www.freecity.finance
g-shipping.it
gbcorp.kr
www.geolocation.fr
dl.growingdots.com
grunsys.nl
guillesierra.com
heyhallway.com
admin.highglamp.com
business.impacto.eco
innobytes.top
callback.javascriptx.com
weatherapp.kols.dk
beta.lelundidespatates.com
www.linekrit.com
www.literaseed.org
www.livraison-express.net
www.local-heroes.ch
flickup.logicwind.co
loicbarbier.fr
bimhydas.mhydas.com.br
mrchpeachygame.com
kb.naava.app
twinkle.nandenjin.com
ninjacuan.id
simulate.cert.novafutur.com
officex.app
nawarika.olalsoft.com
app.oleoponto.com.br
www.onionshack.com
partnerly.se
restaurant.preprod.paymytable.com
pazaakonline.com
phdbydesignsearch.com
app.ppi-cloud.de
www.prath.am
www.productosbogota.com
sa.qizy.in
quanlytro.vn
www.radio-regenbogen.de
link.radiotoolkit.com
www.randomnamegenerators.com
scrapitt.xyz
www.scrapitt.xyz
seasonaljob.app
seasonalwork.app
selincicek.com
itaituba.bioponto.sistemasnemesis.com.br
geoar.sk-global.biz
squeezeberry.in
react-router.staffshift.com
www.starchat.dk
stormnado.blog
www.stratis.dk
v1.tanchiachun.com
otp-staging.tech-scheduler.com
toms-pc-help.co.uk
testgare.giochimatematici.unibocconi.it
valkyr.dk
valuation-webview.vietmoney.vn
mng.zahra.farm
Other domains in certificate