Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=ideamend.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 10, 2025
Valid Until
January 08, 2026
56 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
FD:72:50:65:5B:68:30:44:57:C4:32:0B:A1:48:9A:7F:FE:DD:C9:F5:CD:08:2C:85:85:24:28:4C:4D:B6:25:24
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.dynamiclaser.in
www.aamotoringgroupltd.co.uk
childtube.aboidrees.dev
www.appregulus.com
biz.bookify.ro
www.bytemeandramit.com
www.c-pay.io
management.casalisa.co
cervezatrescruces.com
charcoalsystem.com.br
pwa.city-ol.ch
www.classifyer.app
elcho.como.london
login.staging.controlpad.cloud
www.darenlewis.com
www.discriminatiemelder.nl
business.dlchub.io
edcarveiculos.com.br
eirinc.jp
ejastech.com
crew.emanageone.com
a3.evbatteryreturns.com
www.fantasypremiermcn.com
cdn.firebase.com
fluency.fun
lomake2.fysios.fi
pirates.games235.com
gammacraft.co.uk
www.gerg.in
mobile.habacus.com
hachixp.io
hairlinerestored.com
skex.hamid.tech
hen3rz.com
dev.heycolleagues.com
hi.fi
auth.hicareer.com
hiddenprocrastinationcure.com
change-nat-typ.honk.international
ideamend.com
e1od0.poda.incentable.com
bardochuveiro.infinitifood.com.br
web.appaprasc.infobrcorp.com.br
www.inrenovation.com
instantglance.com
pay.izinga.co.za
www.jamesvmusic.com
www.jarnemyr.com
jaswanth.co.uk
kdentalarts.com
registro-inversionista.latasa.mx
app.life-logue.com
lifecoachforyou.co.za
trees.litta.co
lovingpine.org
lumbung.io
luvbugsnugzandjewlz.com
www.matthew-taylor.dev
hellofresh.mobilenxt.app
monarisotto.com
link.motoran-lampung.com
nexthuman.me
nicholasandrachel.com
www.nottedivina.com
www.nursehealthservice.com
staging.lernwelt.onecareer.de
www.ourpet.app
aneyeonbeautyqa.pgsitecore.com
beautybox.piticommerce.com
terminal.polynar.hu
www.poovarholidays.com
racerent.fi
klms.raddeee.com
rensvdriel.com
verify.ridezum.com
robertomotors.com
rocketbraingames.com
beta.ronandviv.com
rrtechenterprise.com
samustechnologies.com
sbl-labs.com
www.shoplystr.app
gujaratartcorner.showitmax.com
shvrkpools.com
dev.manager.org.smartkeyplatform.io
bsh.speakylink.com
staging.speisekammer-app.de
www.story-wise.com
suscomp.com
suzanoedrleonardo.com
tadkifletaxservices.com
tom-stage.the-talent-accelerator.com
toomanycamps.com
hr.torreeventi.pl
tristolliday.com
inquirer-staging.trustvox.com.br
www.uspgroup.com
admin.visidotapp.com
dev.warswarms.com
wodscribe.com
Other domains in certificate