Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.habitatconstruction.ca
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 05, 2025
Valid Until
March 05, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
07:B1:37:F7:DF:40:6F:E3:6E:03:BC:41:73:28:31:E5:EC:CC:C4:4B:F7:F0:CD:B4:24:CA:C5:51:A8:EB:94:19
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.globalberries.cl
days-off.a2-dev.fr
allthemidi.com
anity.jp
cao-gehandicaptenzorg.appdashboard.nl
artobai.com
tacomar.asap2go.com
api.ppr.studio.atlantide.io
www.attractiveconsulting.com
bowker-admin.auassist.com
dailyapp.augmity.com
azizmb.com
barbaraantelo.com
beautyplusae.com
www.belmontrunners.com
bluestarnova.com
online-photoshop.bricksbit.com
www.bryaxis.com
cedime.com.mx
www.claratecnologia.com.br
www.closar.com
auth.damri.co.id
chwstartup.co.kr
lartofficial.co.kr
www.descartesapp.co.kr
portfolio.codewave.be
app.cogenii.com
www.creativeitc-mythbuster.com
www.dalchemy.com
dastanapps.com
devappdigital.com
team-uat.digiqc.com
team.digiqc.com
test.digitaloan.com
doc4doc.com.br
kiosk.stage.doorjames.com
www.driveproseries.com.br
www.eraucheta.ru
passiv.fckosova.ch
femsafez.com
employee.staging.gajiku.asia
docinsights.galvia.ai
alpha.getbillx.com
product.ginga.co.jp
www.gnandcoca.com
ehstoresites.goedge.ca
www.gofundrobots.org
www.guiquental.com.br
www.habitatconstruction.ca
happensdance.com.au
healthnote.lk
d.hellodoc.app
v3-sweet.impactwrap.com
resource.infinityfact.com
baresalgsapp.internapp.no
nacionalsaude.portalcliente.izii.io
storybert.jakob-fuss.com
join.jethr.com
jiaphotography.com
jinro.chat
joey618.top
envs.kato.rocks
www.kritikos-sm.gr
damn2.lookfor.hk
admin.manga-reader.click
milevit.cz
firebase.miselog.net
demo.app.monetaa.com
personal.moniti.app
moonsetlabs.com
woodlea.myglobe.app
auth.test.mysitch.app
www.ascension.myworkportal.ie
console.nftmonk.app
www.pantalons.nl
www.peakdieselservices.com.au
www.obter.pedidorapido.app
www.pockt.com.au
test.polizze.app
trainings.principleclean.com
firebase-auth.pubmenu.app
test.puzzlepass.io
recriminel.ch
staging-admin.riseos.care
sakurafp.co
anna.sapalscy.pl
derby.scouthub.app
www.signite.jp
admin.skipt.app
www.refer.smilehandyy.com
kutter.solongo.app
thebirdwingsigiriya.com
www.tinttec.ch
trageberatung-lisareif.de
www.transition9.ai
map.trytaste.app
www.vigevanoclimbing.it
shop.waldorfeszt.hu
farmbetter.yux.digital
mapscmlc.zgus.com
Other domains in certificate