Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=mamanugget.broccolirecords.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 11, 2025
Valid Until
January 09, 2026
36 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
B9:C7:3D:BB:88:C2:F9:D7:A3:95:D6:D9:82:8C:4B:E0:12:35:E3:EC:6F:06:2B:53:4D:1F:24:77:7B:E9:2B:07
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.thebflawfirm.com
andre.how
arborea.studio
go.avada.io
dlinkmsil-cug.bajajfinservsecurities.in
ballin3leagues.it
bancodehoteles.com
www.banxpayment.com
www.banyardifa.co.uk
bcl.dev
breakinsoft.com
mamanugget.broccolirecords.com
admin.buyframefitness.com
charliefacts.net
www.clinicsbbinternational.com
www.812sunmoon.com.tw
app-dev.commnia.com
copycut.it
auth.fhlbb.cyberhaven.io
beheer.despil.eu
www.docspaceai.com
jfrn.drtis.com.br
www.dyno.jp
test.portal.easyrecon.co.za
admissionlists.ept911.com
dev.eurika.fr
estimate.everylimo.io
ed2sc.expressdecision2.com
fluxusestates.pl
focusi.app
portal.freedom-bpo.com
gdgkc.org
link.getmoni.io
www.grumpyranter.com
grupal.es
beta.imagarena.com
crab.iot.in.th
indigoenergizer.com
ubicatumodulo.ine.mx
ityh.com
alani.jordanmars.dev
www.jordantreeservices.com
test.justgoal.lol
kabzathechef.co.za
dev.portal.kardia.no
omopalkmaar.katalysatorduravermeer.nl
www.sokkademakers-leerkosten.katalysatorduravermeer.nl
kingcrackers.in
aiep-predev.klarway.com
lifeisagame.one
www.linkleen.com
famboard.litapplications.com
dashboard.littlebeespeech.com
lrtag.com
lysningdigital.com
app.mastercfa.com
bgm.meinevitabilanz.de
fb.metamenu.com
momeneen.com
equitybank-apply.money-phone.com
www.mydearestlovefriend.com
www.nas-ksa.com
safari-puzzle.neon-gas-labs.com
www.nicholashucal.ca
challenges.novos.gg
www.odchq.com
dl.okara.co
vesteralsbetong.ordreplan.no
orchid-app.oz-tms.com
asuka.pedidomovil.es
wpplabor.pensioenbij.nl
flip-around.pradeeplabs.com
www.publicsquareventures.com
qiyfoundation.org
www.rewio.in
www.robdimarco.com
unm.dashi.staging.sasaki.com
www.seandodson.com
www.sherangt.com
shreecabservice.in
www.shusmo.io
archeckin.sk-global.biz
www.spicyleb.com
www.spokesandneedles.com
ashsdhsaascratch.sqwadhq.com
firebase.stevengoodram.co.uk
app.stoomp.io
www.sushant.uk
notaria.tallylegal.io
status.tatamiserver.com
techokids.com
staging-accounts.thinkinvoice.com
base.timwork.kr
www.tomhibbers.com
staging.tryworktabs.com
www.unifytech.com.au
password.vvip.team
ebrochure.psc.whizzstar.com
www.zchub.cn
zq-tech.limited
Other domains in certificate