Open
Cached
·
just now
89/100
SECURITY SCORE
Certificate Information
Subject
CN=enher-green.es
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 04, 2025
Valid Until
February 02, 2026
42 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
CC:68:F8:43:14:E4:69:86:10:AF:9D:77:B8:B2:60:08:2C:49:9D:5F:B4:62:58:9E:80:62:4B:48:DB:C3:DD:E8
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
default-src; object-src; frame-src; +5 more
default-src 'self'; object-src 'self'; frame-src 'self' https://js.stripe.com/ https://js.stripe.com/v3/ https://www.google.com/recaptcha/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com/ https://maps.googleapis.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.gstatic.com/charts/ https://cdn.tiny.cloud/1//tinymce/6/tinymce.min.js https://js.stripe.com https://js.stripe.com/v3/ data:; connect-src 'self' https://*.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ https://www.google.com/recaptcha/ https://js.stripe.com/v3/ https://geolocation-db.com/json/ data:; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com/charts/ 'unsafe-inline'; img-src 'self' https://www.google-analytics.com https://www.gstatic.com/charts/ https://www.googletagmanager.com https://sp.tinymce.com/ *.googleapis.com *.ggpht.com data:; font-src 'self' https://fonts.gstatic.com https://www.gstatic.com/charts/ data:
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.flyingkiwi.eu
2020.devfest.gdg.org.ua
2coool.net
www.3l.nl
staging-api.adniter.com
agilityshowsonline.live
www.al-ge.com
apnasahyogi.in
dev-portal.arrayapp.io
axtrana.com
www.bbotix.com
www.bc7ee362.dev
solvangsenteret.beboerlista.no
beerandwingsgaming.com
risingstar.blackmint.io
blocklines.site
form-scheduler.carebook.jp
secours.ceafrica.biz
chaosbard.com
dl.staging.co-tasker.com
algoturtle.co.in
www.paperpal.co.in
anup-pokharel.com.np
dadot.net
danoaesthetics.vip
www.davidgerharddemmer.com
deaaz.ma
deepvelop.nl
beta.dine-oppskrifter.no
www.doutoraalicecastro.com.br
enbil.net
enher-green.es
sleeppod.eventmaster.jobs
www.everyicon.xyz
exprezzzo.com
shaima.exthgen.ai
www.fantagt.it
stas.filippov.com
www.form.house
worker.link.gigsmart.ninja
app.goodiefy.me
auth.hexlabs.org
hisakaz0.xyz
www.hitboiii.com
iadeldorado.com.br
it200036.id.vn
teachers-discounts.landing.johnfowlerholidays.com
www.junkdrawer.io
dev-clientes.k-9apps.com
karimab.com
daily.kimberlockhart.com
showcase.kradster.com
kron-imobiliare.ro
sanei-tv.lfv.jp
linkuestays.com
www.lukemartinresnick.com
luna.co.jp
dev.macros.work
www.magnes.me
www.mailertrack.app
www.mathquizily.uk
mivoto.net
nfcdisplay.mjvirtualevents.com
shiftup-app.mountainhops.co.za
tjung.my.id
www.nammed.app
www.nittakazoku.com
v1.nkofestival.ru
sopalavra.org.br
calculator.pakhms.com
bartizan.partnerhub.co.za
pclglobal.xyz
prachaar.net
app.psypack.com
punchlinor.com
quicktasks.app
www.ranjannayak.in
staging.system.resbutler.com
www.ryonaket.com
arsskyrsla2024.samorka.is
www.sasurgimed.in
www.seita-consulting.com
www.setrep.app
www.shibacode.com
control.skykit.com
pc-app.spotsuku.io
www.strategicclaimsdirection.com
portal.dev.strukd.com
bodaandinohernandez.swanmoments.net
techtoall.org
thesausagefest.org
www.thisolddc.com
www.urm8.com
uscrowdmanagement.com
auth.walletanatomy.com
wedding-cuisine.de
www.wesselbuchling.com
pandaemonium.writerduet.studio
wrktech.com.br
staging-fe.xpsads.com
Other domains in certificate