Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=www.sunnyai.net
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 21, 2025
Valid Until
December 20, 2025
40 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
ED:CF:BA:53:19:5E:E1:BB:E2:79:76:0A:66:DC:5C:10:13:F2:7E:37:50:D0:E7:CF:68:49:B4:92:99:17:4D:6B
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
comodoca.com
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
ssl.com
Wildcard CAs
comodoca.com
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
ssl.com
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 5 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
100 domains
yourdaily.health
pipe.inspection.3pi.co.nz
agamela.com
ws.alovesupreme.co.za
www.ampbackend.com
www.ampstart.com
www.ananas-creation.com
creative-demo.assaycr.com
www.augrai.com
www.baws.cloud
www.invoice.beecomm.com
bioaxis.co.za
www.blog.byhannahliu.com
qa-bookings.cabinzo.com
qa.cabinzo.com
cdbx.ru
conjugation.ch4vi.com
visionarymarketing.co.tz
beta-v2.coachy.io
too-oilandgas.com.kz
manage.aprisa.com.tw
cottageandmanor.com
www.creec.cn
crimsonbuck.com
datingparels.nl
deenergiebespaarders.nl
www.digitaleratechnology.com
digitalknow.how
drilens.dev
www.elektrolibera.jp
faizal.pt
geodemo.fieldsight.io
firststreet.io
www.fitring.nl
www.flenr.com
buzz.b.fnbees.com
app.getquizme.com
1bossco.bataan.gov.ph
grimp.site
hedragarden.com
yew-app.doodle.heektime.heek.kr
www.irvingrunningclub.com
www.ise-advertising.com
vaulttune.jcamille.dev
www.kathleenstout.nl
kayamata.nl
krishami.com
www.lastresortinc.com
legevakten.net
card.linkcard.app
www.marroquinbarber.com
www.meirellesc.com
mkgsconsulting.com
bank.multtipay.com.br
neucowork.com
www.newportboatparade.com
ecosmax.onlinedst.com
bso.webbuild.org.ng
oriaskep.hu
auth.pachama.com
andriessen.pensioenbij.nl
operations.pittsburghpublicsafety.com
controller.pokerleague.co.nz
link.powl.jp
www.reich-tec.de
www.riversidemotherfucker.com
www.rust-cursus.nl
santa-hawks.gr
sayyeetay.com
calculateur.scuderoni-avocat.fr
tools.sdgalign.com.au
servigasodomesticos.com
shimmersweets.com
showavill.jp
stancilventures.com
boost.steadypay.co
app.studentopportunitycenter.com
www.sunnyai.net
fm-generic-kiosk.supersonic-fm.com
talk-health.co
link.debug.race2020.teamraise.app
next.teom.it
texcellencecorp.com
www.thutopeleacademy.co.za
admin.tickazo.com
www.tilak.io
app.tiptraxx.com.au
true.deals
tudonotabuleiro.com.br
vincentogloblinsky.com
vocalride.com
vudacom.com
pwa-vue-app.wallville.com
demo.weworkshops.com
www.what2w.com
www.wheretheroadmapends.com
www.willowlabelmm.com
key.yashanand.dev
ywait.at
node.aptos.zvalid.com
Other domains in certificate