Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.morrell.dev
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 29, 2025
Valid Until
January 27, 2026
70 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
E6:B1:36:A6:9C:6B:19:2B:AC:01:88:29:69:80:A2:95:B0:AC:73:20:C2:51:E0:7C:BB:D9:3A:14:15:45:DD:96
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.mooncr.com
1050allen.com
lowes-kitchen-dashboard-test.3dcloud.io
www.agentguido.in
app.agrisound.io
website-builder.album.boutique
amat.me
namakkal.aravindtravels.in
thanjavur.aravindtravels.in
tirunelveli.aravindtravels.in
arborridgeforestry.com
site.bateslogic.net
bhaskaram.in
bravapolo.com
buraktokses.xyz
preview-link.bythewake.com
campese.com.br
carryairs.com
salem.yazhdroptaxi.co.in
timbersoft.co.in
www.alzar.com.gt
auth.big6.dedyn.io
ecare.diastecnologia.com.br
www.dourous.net
conference.dpsglobal.io
www.efindi.com
sweet.emento.dk
admin.fabcars.com
fairsharelaw.us
admin.fishfacts.fo
fleetaid.dk
a0cz.foodle.su
gamesome.nl
gbeuphone.de
link.glocalzone.app
www.go-tec.cl
www.in-a-row.io
www.instituteapp.in
rh.integraweb.es
isaree.ai
www.jakub-boucek.cz
jeffmerrick.net
mwsr.khufrudamonotes.com
www.laraxcapital.com
www.lawindz.com
summa-b-admin.m1studio.co
enexis.acceptance.m4m.io
sg-admin.macademy.in
sgayatri-admin.macademy.in
www.mahaconstructiontnj.in
virudhunagar.makemytriptaxi.com
mau-impro.ch
www.md-tech.in
shared.mhy.es
michaelmatta.net
www.morrell.dev
caetano.mottamilord.com.br
www.murakamiclinic.info
wc.myxteam.com
www.nextbillion.ai
betaqa.offerdox.com
ondagoapp.com
organise-me.co.za
www.p1motor.com
www.pathwayspa.org
sukolcr.pedidomovil.es
web.prismantap-nar.com
deeplink.qlash.gg
www.quantsteps.com
www.revolutionary.gg
link.ringid.com
www.sawallocouture.com
shepherdessandcompany.com
www.shivalikjewels.com
shortflixindia.in
fbh.skeinway.com
skyscapesoftware.com
www.smartkidzclub.com
www.sns.gg
solo-thai.com
app.spake.io
www.staromestskabrana.cz
www.sternthal.org
stage.talktovarun.com
www.termefacile.com
www.tmhsorchestra.com
tracking.tms.one
todo.ultof.com
urbanblack.eu
urgedservices.com
www.vavagroup.us
vinotintosmlb.com.ve
ehealth.virtooally.com
wg.wage.jp
mandenibookings.web.za
publix.weeklyad.deals
wsn.de
www.yathraguruji.com
static-dev.yodo.ch
kitchen.yumitos.com
Other domains in certificate