Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.onspecials.ca
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 07, 2025
Valid Until
March 07, 2026
88 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
D2:6F:40:08:89:57:75:27:6E:7D:5B:B3:F6:21:AD:AF:AB:86:AC:F9:34:A3:35:CD:34:A2:8D:14:B1:A0:05:DA
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.banyardifa.co.uk
11521871.peerly.app
dev.feasibility.cmcnetworks.28east.co.za
joy-sectional-config-test.3dcloud.io
app.adniter.com
aggisoft.com
aipathfinderllc.com
amystic.center
dcf.applogic.in
links.ayu.health
complus-billing.backslashdemo.com
choco.bastien.pw
becometrue.tw
web.blind-tasting.app
www.borrowapencil.com
caoshouse.com
www.sgn.com.do
www.woopetz.com.tw
app-dev.commnia.com
copycut.it
www.cueup.app
www.davidgranado.com
beheer.despil.eu
cdn.diamondtour.vn
dresshere.com
jfrn.drtis.com.br
www.dyno.jp
dzmcp.com
e22915.online
eati.games
baruch.etraderex.com
explorr.app
ezakky.com
beta.f-7.io
fluxusestates.pl
framenudge.com
www.georgiaproud.com
getelogic.com
uat.mobile.gigzlive.com
gkaru.com
griffinwallet.com
grupal.es
www.guildofpitmasters.com
admin.hassakueng.com
devpharmacy13579.healcard.com
inordine.cloud
israelwikipedia.info
janainamenezes.com
www.kritikasoftware.com
utxj.lapieza.io
www.laurakominek.com
lifeisagame.one
linkshot.io
www.louiskishfy.com
mattbull.dev
www.matthias-schmid.de
links-staging.meetnorth.com
bgm.meinevitabilanz.de
nft.melon.ooo
www.midwestbros.com
www.muffut.com
www.nicholashucal.ca
www.noahtaher.com
nutrineo.app
dashboard.olivier-simonneau.fr
www.onspecials.ca
test.pantapa.com
www.paysintech.com
www.porroopenhat.com
www.qaruno.com
qiyfoundation.org
email.admin.qponio.com
www.quindiomagico.com
www.rasfinance.com.au
redboardun.com
rentiple.com
resilientepsicologiayconsultoria.com
uaball.rudigualter.com
filphy.seongkevinlee.com
www.sharingsoil.com
sparksz.sk
sta-wlab.com
firebase.stevengoodram.co.uk
www.suzanoedrleonardo.com
t-oneeye.com
notaria.tallylegal.io
thesimpleclub.ch
app.travelloc.com
www.traversoft.com
trepez.com
www.trithos.com
mobile-dev.truckstop.com
visitct-staging.trueomni.com
www.unifytech.com.au
uplaunchbio.com
www.afa.upwire.com
www.valordoeuro.com.br
ithemes.vidhema.com
vowellsmarketplace.com
demo.zicoh.com
Other domains in certificate