Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=cdn.blotch.app
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 21, 2025
Valid Until
March 21, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
EE:EB:D5:82:E8:95:CD:51:72:1C:F4:1B:49:8F:9A:14:80:92:52:73:0E:4A:A4:0C:6F:F8:8B:48:C3:C5:0D:3D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
dcardsearcher.cardbox.sc
gfm-room-visualizer-test.3dcloud.io
a24dbs-management.a24group.com
www.acini.pl
marketing-insights.additive-apps.eu
www.agonoodle.com
aikorawpetfood.com
algisipetcare.ch
anurag.ch
www.apartamentyamber.com
arvoredodotripui.com.br
api.avonhealth.com
gamesadmin-jpj-devseoul.bagelcode.com
bansinaramanah.com
base64converter.xyz
benluc.as
bingfolio.com
www.blanchielaundry.com
cdn.blotch.app
publish.bookbites.com
www.budgetina.net
businessriver.buildingoftheyear.ie
www.bulletn.co
birthday.camden.dev
caobao.dev
cbdata-test-kiosk.cbdata.cz
rate.clean.centerstone.ae
ki-walls.chrisrichter.dev
app.classy.menu
clients2commercialproperties.com
cliquesolidario.com.br
www.clivedesigns.com
www.cloudkeeping.info
www.iampregnant.co.il
colinterry.me
app.craftkart.co
custommat.ca
rts.daneren.com
web.farmerjoe.com
farmersmarketwichita.com
fasterstrongermedia.com
ferienspiele-rothenbergen.de
flincard.com
flygotaxi.com
frogmonster.net
fullylighttravels.com
go4sledge.co.uk
package.gointerop.com
dnd.henrykruell.com
hilahandben.com
cv.truongngochai20225309.id.vn
idle.florist
jumpmasterstall.jingjietan.com
keithdavies.ca
netwerkapp.kn-app.com
l-el.dev
www.lamafiatech.com
lapostoj.fr
test-app.logmonster.net
inschrijven.marktcom-beek.nl
shiva.meetshepherd.com
www.michaelthegenius.com
auth.staging.milkywire.com
auth-stg.milocredit.com
www.mqtsuo02.dev
www.mysimpleproject.com
nadeeja.com
nsksrc.com
complaint.oliversoft.net
beta.partner.orendafinserv.com
parkpixie.com
app.peruse.app
poppyplaques.co.uk
v1.preveenraj.com
proctosurgicalhospital.com
dashboard.qualdesk.io
www.quickbuildnew.world
ricobeti.ch
rizmal.si
www.rndm-bmx.com
rushhour.co.za
dynamic.safe-app.net
stg-app.scandinavianmarkets.com
sim.aerogroup.sch.id
schmetterlingschule.de
retine-qc.sentrex.com
www.shreyandaanchal.com
admin.shsreport.com
speakingathome.jp
invoice.admin.spirepos.com
www.sprinzo.com
www.ssajapan.com
disney-coloring-world.storytoys.com
dashboard.sugoo.jp
taktikom.net
inventory.traxsmart.in
www.uhloop.com
docs.whatsuy.com
ricevimenti.wired-shop.com
www.zoemixon.dev
Other domains in certificate