Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=references.bms.vision
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 05, 2025
Valid Until
March 05, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
87:BF:A7:4F:EA:D7:C3:DA:26:93:DB:36:B3:1D:10:8A:BF:EE:52:16:08:96:B9:A9:7B:51:5A:5B:16:A1:ED:8A
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.ischool.com.tw
www.3hatproductivity.com
staging.social-wall.additive-apps.eu
run-thru.aisessor.com
ajbarber.ca
amsooproperties.com
quotesapp.apphammer.co
dev.aschwartz.de
bonstetten.avdis.ch
www.basher.app
events.bluegardenjardin.com
references.bms.vision
brunchescrunches.com
stg-workflow.vonder.co.th
www.creditoazul.com.gt
initd-tech.com.sg
confcar.com
consule.sg
app.corai.io
cortexlabs.in
www.csrcloud.app
cup-wise.com
decentralstore.co
www.door2move.com
dragoncrest.games
digitalbadge.dreamcatcher.asia
www.drjohn.dev
dtwotechllc.com
dashboard.elien.app
demo.emr.studio
otodeger.ezelpetrol.com
dev.f2p.tv
failradio.be
adm.fellesverktoy.no
go.flowby.io
www.fluttershape.com
gt3-dev.gestion-traiteur.app
www.gikobazy.com
www.gismatrix.co
gmergeplus.com
modelos.gomezpinzon.com
brad.greatdogcoaching.com
www.guesthouse.photography
www.guilhermebarbosa.dev
www.ibdaa.eu
app.imobiliariamoradadosol.com.br
iwouf.com
www.junsolomon.com
keltakor.hu
krissreeve.com
lalchimiste.club
auth.lifeasacircle.blog
www.app.lobbyspace.me
lossalvadores.cl
json2ld.mapper.tokyo
www.marfala.com
staging.matchsetpoint.co.za
acres.matthewjl.xyz
explorer.mindkiss.com
credicapital-apply.money-phone.com
itsolutions.msbe.co.za
fieldstone.mugsy.ca
nexmoby.com.br
nosch.dev
onillion.com
onops.io
crm.petersterr.de
philipgerke.de
pixelartdraw.com
app.playlunacross.com
qadcss.com
homecook-admin.qc4application.com
api.queueme.co
metadata.radiotoolkit.com
admin.rambox.app
www.raynor.tech
rdgrfe.co
recycledmotors.com
www.redact.at
restaurantar.co.uk
play.riddli.app
www.saluteemergencias.com.br
schedar.org
potluck.sheet.supply
sistemahospitalmaster.com.br
www.soehren.com
timberrattlerstrivia.sqwadhq.com
stare.ro
www.stepstonesupport.org
walters.swapp.work
auth.taskio.app
www.ten-x.dev
terapianeurostimulus.com
www.thierryfalvo.dev
thinklet.ai
tidify.io
m.upwire.com
www.warchest-dojo.app
wildmechs.com
zoospol.cz
Other domains in certificate