Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=cms.gemara-health.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 09, 2025
Valid Until
January 07, 2026
38 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
CF:C4:F4:AB:FD:D5:55:7C:2C:D7:5A:CD:0C:62:3E:F8:57:85:27:3E:22:00:CE:83:43:ED:B8:DB:7D:1C:3E:5C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.prettybrains.com
ph.1800flynow.com
www.9buddy.com
www.aeroglobe.io
attackspace.alfonsov.com
zeroqbot.appsaur.com
app.asistmedic.com
ar-staging.b-arro.ws
beonbuy.com
oem.autoevmart.blubirch.com
brianatravel.ro
cankilic.com
clairebotman.id.au
instore.clienteller.com
communityhubapp.co.uk
crossan.net
www.dataventures.ca
glow.decodedetroit.com
www.dietwhisperer.com
app.faruv.com
old.app.fatex.io
www.feedback.exchange
cwenerji.filokar.com
galerias.findupix.com
www.flinkest.io
foodhunter.online
app.fortalecerh.com
fortitudewomensgym.com.au
cms.gemara-health.com
leaderboards.giflytics.com
test.jreader.greycastle.se
www.admin.hesscon.co.za
hotpinkpottery.com
mail.imetalab.ca
www.investmentpropertyconsults.com
iovoto.live
www.komati.app
stellar.makemhz.com
wedding.masahikokobayashi.com
pimaster.matrixengagementgroup.com
www.mattholy.com
meethineem.com
metatechit.com
auth.mfests.com
migueldelagarza.dev
go.mo-t.com
equitybank-apply-staging.money-phone.com
www.murrayspellingbee.com
auth.nebikiquest.com
dreamcode.net.br
www.niage-touchpoint.com
noqu.eu
app.note-n-do.com
about.ntapi.xyz
www.opportunitiesforzimbabweans.com
tstmp.paktive.com
panda-coders.com
pos-api-stage.paydoo.com
www.piotrkuklo.com
developers.pufsecurity.com
hm-v2.qasoftsolution.com
misa-dev.qasoftsolution.com
webmail.quickfast.com
quizzone.no
www.rafiulhasan.com
rammoozz.com
www.re.tn
api.referberry.com
resolvve.com
reveurcritique.com
www.ricardomejiastravieso.com
www.scanningcars.com
scorpiancrackers.com
see-in-ar.com
seetoapp.com
shoppra.com
sitmopanels.com
control-beta.skykit.com
www.spora.ai
platform-tools.stolwijkkelderman.nl
app.strengthlog.com
sypath.com
targetprops.com
taylormwilliams.com
techganah.com
thomashuntsman.com
timo-dobbrick.de
ultrakitech.com
www.ultrakitech.com
mobile.unikuni.com
xxnovember.v8app.com.br
tda.valais.cloud
validacionpucemanabi.com
vastgoed-nederland.nl
usergroup.viscuit.com
wasconser.com
whalejs.org
yasmin-silva.com
www.yasminhiasche.com.ar
zumradio.com
Other domains in certificate