Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=covidvaccine-testing.mayamd.ai
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
January 02, 2026
Valid Until
April 02, 2026
84 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
3E:2E:34:AC:AA:24:88:47:AB:3F:B5:35:9B:F2:CC:17:A0:2B:0B:FE:E1:E2:D2:26:C5:4A:DF:4A:59:F5:B0:BC
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.allincare.in
app.365truckingexpo.com
data.acatar.pl
activatedcarbongold.com
kbat.acuizen.com
adantor.com
www.agroantioquiadigital.com
aims.zone
almafetinci.com
amysadventuresclub.com
links.angelcam.com
www.anne-sophie-et-lucas.com
app4.it
aquiganantodos.com
asoya.co
astral-infotech.com
audiolanka.com
web.autocentroltda.com.co
www.avatarcabal.xyz
www.bancodeagua.com
app.bushnellgolf.com
capitaldude.com
cirkitex.com
www.calmnest.co.in
coastline-vending.com
sthasagun.com.np
portal.crackersworldsivakasi.in
www.crackersworldsivakasi.in
davetiyematik.com
nfc.daylybread.com
nfc.dev.daylybread.com
platform.daylybread.com
dennis-mwaura.com
www.deutschi.app
dhirunand.com
staging.imaging.dicomlab.com
auth.divshot.com
www.easyscratch.app
pitchdeck.eatsleepplaygames.com
manager.echad.digital
www-fbh-dyno.exportoutlookmacmail.com
dashboard-dev.fhinck.com
cpl.fishtank.cloud
flinchub.com
flytinary.com
fpdesignpermits.com
vpn.furkansandal.com
g7satta.com
get-cookin.com
getaskemaun.com
gfm-fvd.com
glowmonize.com
shop.goopay.app
www.habit360.app
hanam.ca
ibg.church
impeachdjt.com
jobertol.com
kienzlerpoolservices.com
dt.knolskape.com
kosmala.dev
l2sporttraining.com
www.mavithahomes.lk
covidvaccine-testing.mayamd.ai
telemedicine-dev.mayamd.ai
melmiranda.com
migloren.com
dev.mirkwood-munchies.app
jeu-sodiva.monjeu.app
pro.monsuivilogement.fr
monusd.com
neoprismlabs.in
app-prod.newslit.co
nocka.co
novacovici.dev
showcase.petworks.app
bct-mp-dev.pixelkinggaming.com
pulgadevalverde.com
requiero.app
rsgear.business
stenhousemuir.scouthub.app
securecodelabs.co
www.signoff.me
www.solnary.com
m.sousan.app
sympllizy.com.br
vue.tricksgym.com
cer.turnosweb.app
vulk.turnosweb.app
akl.glass.ufg.co.nz
www.uniqornio.com
utopic-ai.ro
valcarce.com.ar
links.waggle.in
xlsx-exporter.com
profile.yogautomo.art
www.zencom.com.ar
static01.storage.zoagest.fr
agi.zolnoi.app
bajajpro.zolnoi.app
Other domains in certificate