Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=ca.ksug.ai
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 27, 2025
Valid Until
January 25, 2026
65 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
77:4D:36:25:D5:E2:12:BD:0D:32:A0:56:AF:1C:BD:A7:87:6D:77:60:53:4D:56:E5:E8:61:D4:0E:4D:FB:43:74
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
zerotools.dev
15minuteman.com
link.5f.tours
osaka-africa-business-forum.adnjapan.org
arkeis.tv
artbykyle.xyz
beterfuture.com
www.bharatdesignershow.com
buddystudy.co.za
decathlon.cleanbox.co.il
modern-trans.com.ua
creativelegalsolutions.in
arktis.crime-cases.de
danielecaviglia.it
www.ehtmanager.com
embeddedconnections.com
ensiney.com
examkoala.com
www.fgvw.nl
www.fineants.co
fireclicker.net
www.flipword.io
3457-k7.gamefp.dev
gamezer-x.pw
www.gas-igt.at
www.geodrive.co.za
geosinclinal.net
gloriawang.design
www.goudenrakkers.nl
heonaliu.com
www.heonaliu.com
mintpass.hereaftertheart.com
hexaigroup.com
hintprint.net
www.iibelieve.com
app.infaque.com
innow8apps.com
be-there.isprima.nl
tirunelveli.kishoredroptaxi.com
tools.kjc.dk
ca.ksug.ai
capa.ksug.ai
cba.ksug.ai
cka.ksug.ai
gk.ksug.ai
hk.ksug.ai
in.ksug.ai
kb.ksug.ai
kca.ksug.ai
lfcs.ksug.ai
otca.ksug.ai
ph.ksug.ai
sg.ksug.ai
uk.ksug.ai
us.ksug.ai
us1.ksug.ai
zoom.ksug.ai
www.l2sporttraining.com
ltriptravel.com
halychyna.lviv.ua
www.mccargologistic.com
moonpetcity.com
nanocrossword.com
www.nanocrossword.com
nexiviongroup.com
www.nexiviongroup.com
program-cdn-firebase.ostrakon.cz
admin-test.pneusys.cz
dave.pooptune.com
prismantap-nar.com
chatengine.proxtera.com
www.qseal.tech
beta.quartzmath.com
sew.quesmatic.com
riftcode.io
royalgameofuronline.com
docs.simpz.id
skillsmatter.in
sofalounge.site
www.splitride.taxi
www.spoxi.es
stepses.com
www.stjudecabinetry.co.uk
redirects.svbk.it
link.thechase.app
thetabnews.com
thetalkofthepast.com
prosquare.tiro.health
usemero.com
www.vertexarese.it
visual-graph.online
demo.vocadesk.com
www.waltervalencia.com
applinks.welcomepickups.com
biker.wemoscooter.com
snippets.wilbertzgroup.com
winningbase.in
worstpractices.dev
cafesito.wuiquique.com
xibalbarockfestival.com
Other domains in certificate