Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=card-ar.fr
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
December 19, 2025
Valid Until
March 19, 2026
86 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
69:0C:A8:9E:4E:F6:BA:1A:8D:E6:24:29:06:58:8E:05:82:BE:B2:0D:4D:D5:18:96:0C:95:9B:2E:66:C5:15:18
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Wildcard CAs
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 4 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
100 domains
www.fimx-certificados.mx
admin.365english.org
www.aimeetheriot.net
app.amorelie.com
app.atout.care
songgame.aydenkuyucu.nl
www.bacalaurescu.ro
bhangra-vibes.com
www.bicknese.nl
biliyo.app
oj.buglife.fun
www.bytenest.org
card-ar.fr
resource-center.carto.io
defi.cbdefi.site
ecom.cbdefi.site
xn--cursani-eyc.centrulminerva.ro
www.chefbey.org
excl.central.co.th
www.resoluteresources.co.zw
convito.id
reco.dorianf.nl
demo.eamc.no
va.emandai.net
experienceinbytes.com
www.githop.com
growithsunshineinst.com
support-query.grupoa.education
homealigner.in
iamtoi.xyz
pumi.idata.hu
impulz.in
www.impulz.in
jcaf.es
sample1.karobarlauncher.pk
krishnabrand.in
dale-login.laibor.ai
ljusverk.se
macconrum.fun
login.majorbuddy.xyz
manarh-d.com
pose.marcelbaur.io
milufizjospa.pl
ideal.mope.sr
www.morrowind.fun
admin.morwils.com
store.mrodrigues.in
dimsdeall.my.id
noreply-tm.my.id
staging.mytrove.co.nz
nasiri.it
www.naszezdrowie-przychodnie.pl
www.laluarts.nawebb.com
join.ngaiyoo.com
kiosk.nustar.systems
overloadtracker.com
nws.projectcpn.eu
auth.projectile.nz
brain.psittacus.com
timespent.q-e-t.ru
reemzetdeveloper.in
blog.reinventing.in
my.relinecode.com
connect-ng-carrier-dashboard.rxoconnectmain.rxo.com
connect-ng-carrier-tenders.rxoconnectmain.rxo.com
connect-ng-claims.rxoconnectmain.rxo.com
connect-ng-invoices.rxoconnectmain.rxo.com
connect-ng-reports.rxoconnectmain.rxo.com
rnr.saikrishna.pro
scaf.ltd
socios.avalfertil.sgroneclick.com
socios.donmariosgr.sgroneclick.com
download.sheercustom.com
aptitude.sheriax.com
www.app.showyourscore.com
delivery.sistemapallas.com.br
www.solid-labs.net
tacticien.fr
beta.followall.tesel.tech
www.theevergreenstrategy.com
transformacja50.pl
www.tutomento.com
mvg.vlatko.mk
repair-alert.vlatko.mk
staging-admin.wheelbees.com
red.wifipublicitario.com
www.xn--21-6kchldd8d2b.xn--p1ai
xn--21-6kchldd8d2b.xn--p1ai
xn--439as4d20ms4n5xf1ta.kr
www.xn--bootsprfung24-2ob.ch
test.xn--brk-1na.no
www.xn--dengladehvel-3jb.no
xn--hyypp-kra.fi
www.xn--kda-ula.se
xn--newwrme-8wa.de
www.xn--r7h.gg
xn--rck2ae8a3p.xn--tckwe
www.xn--skrplabbet-s5a.se
edu.xoog.info
silly2018.yosi.work
Other domains in certificate