Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=auth.stg.unthread.io
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 21, 2025
Valid Until
February 19, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
9C:C0:E5:FF:04:B3:B5:7C:5A:BB:B5:E7:8F:D4:81:D0:5B:07:72:34:36:4C:68:FA:2F:C6:9C:A4:71:C7:C9:A4
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
dev.pop.com
2022.sleepsuperconference.com
drift.3diq.com
www.aaronguzman.com
www.adigify.com
auth.alcove.co
yolo-staging.animax.eco
test.appsism.net
www.pixelart.arcuilo.com
app.babbels.nl
padeirinhos.beholdit.pt
www.bengalexpress.co.uk
www.bergenforukraina.org
ax.bienparabien.dev
ladxr-tracker.bingothon.com
cangrejord.com
shareplace.cartermoore.ca
codefigure.co.uk
www.codefruits.com
inpenapp.staging.companionmedical.dev
dapic.eu
funny-ecards-service.html5.emallstudio.com
www.ereseta.ph
staging.fairmus.com
fatlittlebuddies.com
login.test.fingertips.in
sale.forgottenchain.com
dev.tooling.futster.io
ganaholdings.com
www.grafity.dev
www.haidangnguyen.de
kuretake-inn-nayabashi.s.hotekan.com
islandismusic.com
jodifranklin.com
jtschwartz.com
www.surveys.k-9apps.com
invoice.stge.keap.page
www.kenshir0f.com
portal.key2access.com
www.kidzideaz.tech
www.kreditium.dk
labarra.co
language-input.com
laynered.com
www.lemons-asmr.com
admin.logisticshield.com
www.maplerope.com
app.marahplus.com
hochzeit.mertes-lieu.de
metaverse-biz.site
mifandeamor.com
miveratech.com
auth.om.monks.cloud
mydoremi.co
www.mymloks.com
nd6tech.com
neckerbauder.de
notas.niedermayr.tech
www.nocobrands.ca
nrsmagic.com
oyatokoshindan.com
www.pack312miami.org
paperwaytrading.co.za
beta.pavepilot.ai
kyawgabar.piticommerce.com
sweetdecember.piticommerce.com
dfds.planeringstavlan.se
pluslife.app
www.pollen-map.com
www.prashanthkotianphotography.com
printkart.store
refillatwork.progenycoffee.com
promotition.com
rbshoa.com
rentrollsoftware.com
bitra.run.place
shitloadofdimes.org
simplymove.app
snapauto.ro
tarof.dev
www.technebula.dev
r.telesense.app
tenhacasa.com
face.thai.run
www.therealpablo.com
www.tillhub.at
ideabank.tinkertech.dev
app.tiptraxx.com
tomasradic.com
tornhult.se
ttm-mep-cloud-stg.firebase.trimblemobile.com
truellista.com
uchirepi.com
auth.stg.unthread.io
www.vaagaiwelfarefoundation.org
www.valorihomes.com
www.verynicegradients.com
watame.fans
yamaneko-takuhai.com
yanhooligan.com
Other domains in certificate