Open
Cached
·
just now
86/100
SECURITY SCORE
Certificate Information
Subject
CN=www.papaya.camp
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 29, 2025
Valid Until
January 28, 2026
30 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
17:84:0D:61:69:29:11:F4:E7:5D:AE:8B:10:6B:4C:D1:E5:5F:86:38:F4:2C:95:F8:2F:C6:F0:F6:85:9C:0A:75
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Basic
default-src; prefetch-src; connect-src; +6 more
default-src 'self' https://api-staging.setkeeper.com https://staging-api-1.setkeeper.com https://staging-api-2.setkeeper.com https://staging-api-1.setkeeper.com https://revolutiones-setkeeper-staging-documents-eu.s3.amazonaws.com https://revolutiones-setkeeper-staging-document-output-eu.s3.amazonaws.com https://revolutiones-setkeeper-staging-message-images-eu.s3.amazonaws.com https://revolutiones-setkeeper-staging-document-output-eu.s3.eu-west-1.amazonaws.com https://revolutiones-setkeeper-staging-message-images-eu.s3.eu-west-1.amazonaws.com; prefetch-src 'self'; connect-src 'self' blob: https://api-iam.intercom.io https://ip2c.org https://viewlicense.adobe.io wss://api.appcues.net https://api.giphy.com https://staging-api-1.setkeeper.com https://api-staging.setkeeper.com https://staging-api-1.setkeeper.com https://staging-api-2.setkeeper.com https://revolutiones-setkeeper-staging-documents-eu.s3.amazonaws.com https://revolutiones-setkeeper-staging-people-attachment-eu.s3.amazonaws.com https://revolutiones-setkeeper-staging-message-images-eu.s3.amazonaws.com https://revolutiones-setkeeper-staging-document-input-eu.s3.amazonaws.com https://tracker-staging.setkeeper.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com wss://staging-api-1.setkeeper.com wss://api-staging.setkeeper.com wss://dev-api-1.setkeeper.com wss://staging-api-2.setkeeper.com wss://nexus-websocket-a.intercom.io https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com; font-src 'self' data: https://cdn-int.setkeeper.com https://fonts.gstatic.com https://js.intercomcdn.com; frame-src 'self' blob: https://intercom-sheets.com https://accounts.google.com https://app.hellosign.com https://content.googleapis.com https://docs.google.com https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://revolutiones-setkeeper-staging-message-images-eu.s3.amazonaws.com https://acrobatservices.adobe.com https://*.appcues.com; img-src http: https: data: blob: https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net https://cdn-int.setkeeper.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://fast.appcues.com https://accounts.google.com https://js.stripe.com https://api.dmcdn.net https://apis.google.com https://cdn01.boxcdn.net https://js.intercomcdn.com https://maps.googleapis.com https://s.ytimg.com https://s3.amazonaws.com https://ssl.google-analytics.com https://widget.intercom.io https://www.dropbox.com https://www.google-analytics.com https://www.youtube.com https://*.appcues.com https://*.appcues.net https://acrobatservices.adobe.com https://cdn-int.setkeeper.com; style-src 'self' 'unsafe-inline' https://cdn-int.setkeeper.com https://fonts.googleapis.com https://*.appcues.com https://*.appcues.net https://fonts.google.com; worker-src 'self' blob:
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
app-staging.setkeeper.com
elections.24heures.ch
azek-cert.3dcloud.io
app.agertech.it
aylee.co
asturias.bitmind.mx
www.brianjwoodbury.com
link.shop.brightspotmrkt.com
www.bydesign.email
inventory.cleanportsmouth.co.uk
www.codewired.me
hashlist.comets.kr
commun.me
www.couleurquiz.de
uidev.cove.io
app.darkgps.com
www.datafenix.co.uk
datalabeling.eu
platform.dev.daylybread.com
demt.co
dotpict.com
www.entremind.cl
eventlapse.io
familyfresh.club
www.fbarcellos.com.br
www.filmsreel.com
flowtapes.com
www.gaser.com.mx
pg-colosseum.hackforplay.xyz
happy-dental.eu
www.happybati.fr
hello.hideandseek.world
hornisnezna.cz
hoseasims.com
app.imoveisuniao.com.br
inspirefamily.org
jackfitterer.com
feedback.kfz.website
uptime.khatoco.com
kubikon.pl
www.liambarracksoftware.com
staging.learning.lightbath.com
www.mapatalks.com
webportal.marinwildfire.org
personnaliser.monzaya.fr
relocation.movemytalent.com
www.myprescriptor.com
app.myworkdb.com
aldan.nurzen.group
www.oasis-scantrad.fr
www.onframefilms.com
www.papaya.camp
auth.parkingcupid.com
www.pavon.agency
app.principeum.co
acc-link.propertyloop.co.uk
test01-link.propertyloop.co.uk
test03-link.propertyloop.co.uk
www.pythonisrad.com
non-profit-verification.qrtrac.com
demo.quakerproject.com
book.appt.rapo.app
victon-album.re2fe.com
rndm-bmx.com
www.roboticdonut.com
rootxplore.com
royaldrop.org
samuelblackburn.com
save-koharu.org
scottmsarsfield.com
seattlerudram.org
www.see-platform.com
service.ceo
www.api.show.tours
singhsaurabh.com
hashikami.softcomp.jp
deeplink.startse.com
storycruzfilms.com
tracpicprod.stylishop.store
www.taylorsversionforspotify.com
admin.teker.ai
www.thattilandco.com
theblumemethod.com
www.tillip.com
tokimuniti.com
www.tombonney.co.uk
www.touchingtheart.app
www.triojam.com
tts-playground.app
adroguerunning.turnosweb.app
www.usac.app
join.useaccord.com
www.vacatube.com
discussion.whigh.co
wizzeh.com
www.ycskerb78.com
ycskerb78.com
www.zerothkey.com
admin.zoila.cl
leeway.zympl.xyz
Other domains in certificate