Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=ra.tokafintech.mx
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 09, 2025
Valid Until
January 07, 2026
56 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
E4:21:33:D3:10:2C:33:DA:40:CA:70:D3:40:A7:D2:35:FA:16:94:CD:22:53:1E:4E:2F:77:4D:F7:2B:70:7F:36
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.jakedup.com
dwr-kongfigurator-cert.3dcloud.io
abhc.asia
actordirect.com
ad-portal.adastria.co.jp
staging.marketing-insights.additive-apps.eu
alfaizanulquran.com
app.asktheos.com
asktheos.com
admin.app.aurora-clinic.jp
brainlotto.com
admin.qa-prod1.cargamos.com
chatgpico.com
cloudcrumbly.io
agent.pafpay.co.in
careerschool.co.in
edamames.com.es
cyberdefendx.org
med.distrisuper.com
app.ekatra.io
bestellen.essen-foodhouse.de
www.eternity.com.ar
fnbg.co.uk
forgelogicllc.com
painelcarloschagas.g2canal.com.br
link.getsendit.io
ghostjobhunter.com
gripgptz.com
clinicas.gustavofreitas.dev
tess-admin.haii.io
www.hardartcore.com
hesaplipc.info
apps.igeddit.ca
innopix.co
projects.kantas.net
oauth.kuentro.ai
kuzapoints.com
shokunin.latelier.co
loterias.link
manikandan.me
precinct.melbookings.com
memorybook.es
metrichem.com
migarage.shop
mitaxiamarillo.com
www.mogx.dev
auth.mytelnet.co.za
nessetem.com.br
nicolas-leteinturier.com
nitishkumar.info
www.rendering.nkportfolio.com
nocodeskul.com
nueveolas.es
on-the-metal.net
www.orch.life
www.phabmarketing.com
pintadogratis.com
intouch.plmj.pt
podcastrecycling.com
jogodamemoria.eduardostuart.pro.br
firetalk.rac.su
www.reparatur.info
risk-takers.net
robobobo.io
rtienda.com
www.ryerson.ai
www.saisondeski.fr
sallaexpress.com
ebooks.sarasavi.lk
sellwisehq.com
newsletter2k23.senwellgroup.com
shreyanshjain.dev
slco.dev
jixdzsshj5wbqxmmxsmi.smartimob.io
lite.sphure.app
spolfin.cz
stryva.app
syntelix.net
field.tapraise.app
www.teamstatus.net
otello.staging.tekfluent-softwares.com
terriblegames.biz
assessments.thecalisthenics.com
rzkads.themediatrade.com
ra.tokafintech.mx
trigger.me
m.trufflemarket.it
umalusiengineering.com
www.unicorndroptaxi.com
ca.unitix.dk
shop.vert.farm
vibetodev.com
login.villagepaisa.com
city.visualperspective.io
app.vocalizecolumbus.org
testing.erp.wedevelop.me
wisebros.biz
www.witty-services.fr
yuvakarshan.com
docs.zksync.io
Other domains in certificate