Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.sentinel.newmont.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 05, 2025
Valid Until
March 05, 2026
88 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
43:A7:26:06:C5:38:0D:50:36:1B:86:60:A3:2A:FD:61:26:66:46:1D:16:50:90:FA:4E:09:FE:72:96:1E:A0:D0
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.tuskytime.org
acegrinding.net
actsofthechurch.org
www.almaprojectz.nl
asbestossurveysbristol.com
axyojp-test-ads-simple-web.com
dev.bridgechasm.com
bvarg.com.ar
carbex.earth
causality.io
branch.bgood.co.kr
compost-collective.com
d.cube.coupons
fantasyworldresort.dd.zone
splash.delx.co.za
claims-5.dev-ltl-xpo.com
academy.dolomiten-tennis.it
exhibitor.e-igjs.com
www.ecowetcare.com
dev.eldiario.es
event.lu
randevu.firesoftyazilim.com
yazboz.firesoftyazilim.com
dev.forecash.io
www.foroturismosexual.com
bios.g2canal.com.br
acceptance.analytics.gabismartcare.com
gaelicwizard.net
www.gfutils.com
www.hhl-tec.com
link.hs2t.com
hytechsolutions.info
www.ijoda.com.ar
imbianchino-perugia.it
www.invodigger.com
poc-fire-web01.iretweb.net
watch.itrood.com
todo.jassy.in
eco.jau.co.jp
letsdraw.jideguru.dev
kamar.blog
www.kangmingshop.com
hourglass.kettlebell.dev
www.kinagrill-horsens.dk
eu.lenstec.com
liepsna.com
www.loungemade.com
url.lovegelu.com
lowkeyhospitality.nyc
lvsb.mx
scadenziario.marcorosetti.it
www.meister-maler.ch
www.meraki-apps.com
www.mesh-innovation.com
tsg-demo.minmeeting.com
columbus.moovaz.com
www.motelpedrasnegras.com.br
sunandsnow-stage.mysmarthotel.com
www.sentinel.newmont.com
www.nolanga.org
ofsc20182019.ondagoapp.com
openperplex.com
app.outfitformulas.com
payrows.com
pdmsoftware.net
www.picloudconsulting.com
app.postmaker.io
www.pwa2apk.com
www.rebr.no
www.regenbogenweb.de
www.remotemore.com
antonio.rotec.dev
salmanappliances.com
zamowienia.sandwiczszop.pl
firebase.scaalar.com
seanmabli.com
setmyspace.com
sfhcounseling.com
socioeconomicdevelopment.org
www.starbirds.io
iam.storeroom-solutions.com
www.sufera.com
app.syodai-marugen.jp
www.syrerys.com
www.theguitarologist.com
timfirth.me
www.titantrack.com
crm.togawaengenharia.com.br
www.trartist.net
truano.cz
www.tsr-trenchless.com
william.uappe.com
www.vaxyvax.com
vcf-file-merger.com
mobile.volumental.dev
wasd-inc.com
r.withkoa.com
www.wlogistics.biz
togo2.woodoo.io
inf.dev.xflydragon.cc
Other domains in certificate