Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=admin.blotch.app
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 17, 2025
Valid Until
January 16, 2026
52 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
D4:AA:90:68:4C:0F:29:D4:A6:80:5F:CE:EC:19:23:BB:ED:D6:CD:94:10:FE:F7:45:BF:07:A6:CA:D9:89:F4:B8
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
cmckenzie.net
22-energies.com
5starsdentistsbooking.com
www.abhilashglass.com
adastraperamorem.no
alanmg.com.ar
app.aquatime.dk
staging.atacana.it
delta.ballycommane.eu
beauty.bambumeta.software
basecontrol.dev
thoughts.benjaminali.com
find.bestcitycard.com
admin.blotch.app
buguiapp.com
entrant.businessenergyawards.ie
bytaespacios.es
portal.cheetahdigital.dev
www.cipay.com.br
cnt.app
madurai.yazhdroptaxi.co.in
fleet.heliot.co.th
www.coelum.es
criatorioduquesalles.shop
deganarte.com
www.degenmoonfrens.xyz
www.develooperkit.com
ecapps.tech
www.emailturtle.com
www.exidevs.com
figure-model.art
link.gbm.com
app.gleactest.com
admin.goruckit.com
www.grigri.dev
protect.hearsafe.app
tecon.id.vn
imthejungler.com
indulgencenailbeauty.co.uk
invisguardinvisiblegrills.in
angel.is-a.dev
jobsa360.co.za
jobyanga.com
news.lumman.is
v2.marlim.co
marquezveiculos.com.br
mathurlawchambers.com
melo-grano.com
mistrzkupowania.link
www.mondossier-canada.com
monotone.com
web.mt-analysis-tool.com
www.myloverr.com
auth.wilo-compliance.next-audit.de
www.nikdaijai.com
www.oldowan.uk
www.osbornedoggrooming.co.uk
pacstac.com
pastaathome.co.uk
app.plasticpatrol.co.uk
platora.app
harry.qbit.industries
www.queennails.studio
www.renovatebro.com
www.responsivehr.com
www.ridabatool.com
www.riderhub.com.br
www.rodsotocje.si
royceubando.com
salmanfoundation.com
doc.tameshiba.sci-co.llc
www.searchandconveysolutions.co.uk
app.sellersflow.com
my.serviz.fi
shadeai.ai
sheptitskiy.ru
why.shouldi.guru
sinhhoathuongdao.com
app.sobat-akreditasi.id
statewideroofing.net.au
app.sugarfromorigin.com
www.thebackroomsgame.com
theisaiah.com
realtime-demo.tokenhouse.dev
central.tosaindo.com.br
tryonematch.com
admin.tuhogar.com.co
www.uludi.com
www.uridiumgroup.uk
vegaoctava.com
www.vfxjobs.com
mhd.vojtechstefek.fun
pcrm.vuedale.com
prototype.vysioneer.com
business-manager.webbrainsmedia.com
www.whats-it-like-to.com
www.wholesane.com
wizy.io
wotar.org
kabuboni.zaoletu.com
Other domains in certificate