Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=stage.apa.gaviti.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 25, 2025
Valid Until
January 23, 2026
67 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
F1:36:53:42:BF:38:52:CC:08:CB:78:23:47:63:7B:A1:B0:BB:8C:79:F9:9C:18:C6:30:B6:3B:98:7D:AF:9B:40
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
aniqhilman.sg
testing.app.cupcake.29k.org
api.abocloud.io
ajskidmore.com
www.alexanderochangelica.se
alquilerbarrosa.es
aniatranslation.com
stg.arcanagame.app
atsuta-camp.com
auditool.gr
docs.autheid.com
automatecommerce.com
spaarty.autonomoe.com
dk.bahiazul.com
linoleum-35588.bambuser.com
bayhomeimprovements.co.za
www.bisapt.com
www.blauwevlinder.be
online.body-science.co.jp
brew125.com
react.chasecondon.com
www.colmena.site
leadleader.com.ua
comelyenterprises.com
www.cyberwebconsulting.com
darshilpatel.com
deepshikhagirlsintercolleges.com
denblauwentutter.be
app.dgoncalvesimoveis.com.br
applinks.dhan.co
app.digitalguest.com
go.diveba.se
dosurvey.dospace.vn
ductai.de
enaparte-salon.fr
familynet360.com
www.federicofumo.com
staging.flogged.io
kubefrontendtest.fulminegroup.eu
staging.my.gamifier.org
stage.apa.gaviti.com
beta.greenqms.com
www.gsfm-platform.com
georoute.hughesbox.co.uk
www.ict4dsa.com
verizon-staging.ideacloud.com
iiotronics.com
www.invoicy-cloud.com
aqua-fusion-design.isurf.app
app.iworkie.com
shiftingleft.jenniferwadella.com
www.johnshortland.com
jundyservices.com
kovalsky.io
app.liner.travel
app.linqir.com
www.luxvet.lu
mabdullahjs.com
workplace.macaw-app.com
marge.health
web.mentorup.app
dev.mftembra.com.br
navatech.com.br
nftible.app
www.oligomaster.com
mackbear.portal.orwi.app
barton-brook-green.ovh.org.uk
partiupraonde.com.br
www.pattle.jp
www.petastorm.com
october25part2.pharmapointpos.com
l.pik.ru
www.plotartisan.com
progidro.ru
promitheialink.com
www.blendargout.order.pulp.eu
re-ynd.com
pasca.renju0.com
www.scanshot.app
manager.screenlime.io
sergiorollan.com
serviceman.bot
simuladoresstein.com
smaccoun.com
beta.svpernova.io
tck-santa-anita-week.com
dev-app.tepintasks.com
thestacksmith.com
thomasouvlatzidiko.gr
l.tmak.app
top09uvaly.cz
app.tourplus.my
www.toutpresdesoi.fr
preprod-share.unaide.fr
valeurdelivery.com
valoranttext.art
qrcode.vendergas.com.br
www.visque.me
vitalizebeautyco.com
www.yondemy.com
Other domains in certificate