Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=xel-toolkit.org
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 03, 2025
Valid Until
February 01, 2026
84 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
5B:50:94:23:CC:B4:11:F5:BC:D5:B0:F3:62:1D:7C:0C:7A:81:BF:D4:AE:85:70:4E:95:4E:47:47:5C:1F:1B:03
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
welo-wedding.com
2540.us
reactionic.9lessons.info
agencemedinchina.com
www.aire.pw
www.altairpiniamusica.com
alte.space
projectgraveyard.aronschueler.de
bhmc.org
app.brainey.ai
cockpit.brainey.ai
health2.camtech.org
bonver-test-backoffice.cbdata.cz
chez-loulou.net
cigari.info
internal.leave.clarityapp.in
watc.clementprevot.eu
go.clickacasa.com
quickq.codesh.in
app2.coffideas.com
co.camwin.com.kh
api.comunidadecampolim.com.br
craft.doctor
applink.doc.ua
www.elderlawservices.com
embec.tech
www.ezfy.link
hortivar.fao.org
forbesprivatebank.net
foxpaint.io
funerare-murgeni.ro
geomaxgame.com
energotech.georaport.pl
landing.gevents.it
www.ginavillarreal.com
www.greatfriendsclubuk.com
guitarbuddy.cz
www.heds.io
help-norton.live
humavoid.com
www.ibscoach.org
www.imobiliariazanetti.com.br
www.jerrysel.in
www.jonandjackie.love
yogaday.katiesyogacollective.co.uk
live.levski.bg
loresearch.net
www.loresearch.net
lucidsystems.io
app.mailguru.io
makemycakes.in
matchoupitchou.com
meemees.ee
www.mindfulnessstandard.com
morgadotaberna2017.pt
app.dev.moub.com.br
www.mqiubu.com
andiagussalimaj.my.id
www.nerissasnest.co.uk
www.neurofeedbackhypnosemarseille.fr
link-dinamo.nibo.com.br
events.noneho.com
generalpurpose.pacenotes.io
admin.hyundai.pecas2b.com.br
corona.pinkbeton.com
orders.plsolutions.co.za
mjfd.portfoliolink.co.za
www.prycetech.sg
www.rajukumar.net
www.recomind.io
repinc.net
www.rsw.me
www.rxshep.com
s44.tech
saitou-yasuhiro.com
reunion.salem.edu
www.sawadika.es
sc5418.com
scully.io
www.seedforgood.com
seidemann-meppen.de
knowledge.sem-technology.info
gamechanger.shellcore.org
shipiboayahuascashaman.org
smitetroll.com
staging.snowmonkies.com
www.stopari.org
sygtec.com
temples360.in
www.thrift.house
www.tonramaker.com
consultores.trainme.com.br
treebear.tech
trochoid.hu
www.tzz.me
donate.uscarrom.org
webmastersessions.io
xel-toolkit.org
xglsystems.co.uk
app.yehey.jp
Other domains in certificate