Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=heramagroup.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 23, 2025
Valid Until
January 22, 2026
51 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
50:A2:44:25:71:DF:7A:9B:B0:1B:57:BB:06:C4:08:4D:CA:FF:9C:B9:37:08:F9:4D:BB:42:EB:38:A2:A2:B0:D8
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.profesyonelcemuhendislik.com
appquant.app
demo.appteck.de
dev.asp.axalize.vn
aygeninsaat.com
dashboard.bahakeldigitalmedia.com
www.beaconccoop.com
www.beatsandbbq.de
u.cerberu.com
lp.checkcalendar.app
www.codekraftsolutions.com
leb.com.ph
makrobilisimtakip.com.tr
conasistencia.com
cowtail.recipes
bevvy-orders.crispnow.com
www.dadanddot.com
www.danielladner.com
diucampusschedule.app
doloresantander.com
www.dzconsult.com
lao.emberix.app
www.ez-tech.fr
dev-splash.ezcast.com
contratante.famyle.com
admin.firren.org
manage.france-pollens.fr
www.gaming-house.be
mobile.acc.goround.gemsotec.com
www.geobusters.co.nz
gestarapp.com
stats.hadafsports.com
testimonials.headstrt.com
heramagroup.com
humusnebs40.com
www.humusnebs40.com
app.ibscoach.org
nguyenphucmanh.id.vn
identalworld.com
appprod.incendi.io
inceptive.bio
www.inkindfoundation.org
jftmocktest.com
www.jftmocktest.com
joaqin.com
www.joaqin.com
members.jointogether.co.uk
adminapp.justonechesed.org
www.kanyaaskinclinic.com
keel.com
dash-fulfill.ktech-thp-dit.com
lexing.tech
dc.limaois.me
dmscreen.lukeyong.com
lync-app.com
madelenecampos.com
matthewschilling.com
shop.mecktonix.com
careplus.medgrocer.com
uat-shop.meprakun.com
meritmore.com
michelleaneous.xyz
beta.mixablestudio.com
mizony.com
multiplicu.com
mypbe.com
gestion.myviar.com
portal.nczgroup.com
neivi.es
qr.nfcnyc.org
nishantcoachingclasses.com
noonrocket.com
app.objectionsiq.com
www.oneassembly.church
pb-al.stage.openkind.me
roy.org.in
perfectprojet.com
pistachio-ai.com
planoraevents.com
pokeparadise-901.com
www.psilocina.it
rabbitstay.com
app.pia.rainbytes.com
my.relinecode.com
revisitcapital.com
rhino-enterprise.com
roottekpiling.com
www.roottekpiling.com
www.shikdertech.io
my.sizey.dev
app.specpal.dev
staging.app.specpal.dev
spheretravelclub.com
link.swb-gruppe.de
thebokchoyleague.com
www.vitrin.as
dev-platform.workfx.ai
workinaz.com
xara-ai.xylox.co
app.zyuzh.com
Other domains in certificate