Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=crossfit-waterloo.be
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 23, 2025
Valid Until
March 23, 2026
86 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
18:29:06:0E:E8:A7:71:C1:18:CE:B7:60:8A:0B:D2:06:9F:F4:31:23:52:6D:1B:5C:DC:16:45:63:38:F0:49:13
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.fullstackreboot.com
backflip.12traits.com
adanos.xyz
www.afgpdi.org
www.amooto.in
link.ampere.co.uk
testefirebase.appcidades.com.br
arnabshikder.com
atszambia.com
ordernow.beijingstreetfood.com
app-uat.benjiinvestments.com
cloud.bierbot.com
www.blueammoniaplantgbc.qa
www.bluestars-aachen.de
camilleribrad.com
camsoulsby.com
thoothukudi.yazhdroptaxi.co.in
codeandmore.pl
codegen.ninja
www.colacys.com
sdlibrary.scinnova.com.ph
crossfit-waterloo.be
git.detzglobal.com
app.digitalbroker.io
app.docally.ai
drapriscillaandrade.com.br
elartedemivejez.com
www.enumat.com
www.ermiranebihu.com
flirti.chat
frescofirenze.com
identity-portal.fringe.nl
gaia.ng
goalstatshub.com
goodshoppinglist.app
goosegame.co
growthlab.club
www.harmoniouswork.com
harteliebe.com
hedron.today
www.hootyhoo.life
auth.hushaffair.com
drawing-board.imd1whonocks.com
mitarbeiterportal.service.inwendo.cloud
www.jesann.dev
jumpstartdevelopments.com
kamalanaatelier.com
spotlit.kamkhub.fi
kardless.com
link.libacoffee.com
mantraroom.org
mapmypet.info
link.matamath.net
investors.merchantopportunitiesfund.com
tienda.mexdoors.com
www.mleib.com
morokwood.com
www.mushegh.dev
demo.mymoodbit.com
test.reportal.netresult.app
share.notefuel.com
onthejob.site
www.osypov.com
staging.app.pairtreefamily.com
paku.pe
www.parkjiwoong.com
einargretch.pozoltech.com
app.pspmetrics.com
psychotherapie-haas.at
messenger.range.net
rescatetecnicoit.cl
www.reuticom.ch
shunit10.rezidnet.com
os.riseos.care
riseummah.com
rizamou.com
rwmclassroom-staging.com
sagesticsbrakes.com
salcar-smart.cl
www.saleogy.com
api.samurices.xyz
scout3d.app
shefamilies.com
shorewise.no
www.spdg.pl
spicyfingers.us
gwpoll.sqwadhq.com
gwpolladmin.sqwadhq.com
vtechtrivia.sqwadhq.com
stashdog.io
sticknodes.skin
www.storysynth.org
blog.sumonahmed.info
client.symmetryapp.org
app.talentosdocampo.com.br
travelmaps.club
www.view-bme.com
vinsara.com.au
waldbrand.app
link.woov.to
Other domains in certificate