Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=smile.samschmitt.net
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 24, 2025
Valid Until
January 23, 2026
60 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
99:27:47:55:F7:54:E0:2C:F2:CA:3A:6A:D7:26:E6:EF:4C:23:E1:23:1F:55:00:0E:3E:70:37:D9:1E:05:84:75
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Basic
script-src; object-src; base-uri; +3 more
script-src 'report-sample' 'nonce-GQPzPlv-SD3ZkXNYtHW2bA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Present
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
dynamicprodapp.film1.nl
1nspirationdigital.com
www.30seclearn.com
acaciateam.com
akebono-discoveries.com
staging.admin.allefolders.nl
andaraseguros.com
www.askinnovations.net
bib-pfizer-25.axon.es
www.balulajka.hu
jeu.baristacafe.nc
amz.bioschwartzoffer.com
app.brainjo.de
crypto.brian-poole.com
www.brightserve.org
digifypro.bytekast.io
ccarroll.dev
resourcecenter.circadence.com
citizenfinder.info
cleanjson.com
insiders.clearpathpaper.com
www.climateactionnarbs.org
online.suds.com.ph
www.crgruas.com
cultofmartians.com
cyvali.com
danatbazar.com
www.dayj.io
developdenver.tech
cc.devmaycry.com
digitalsoulution.com
dikson.com.co
www.dmdmusic.org
www.drdps.in
u.dropxlogistics.com
www.imaginate.edu.sv
bingo.eni-eni.com
mobility-map.entur.org
eventa.id
frbs.feelsart.ai
fitrelated.com
portal.forexlens.com
geo-notes.com
gonalara.com
staging.granica.io
hiverecipes.com
homekids.com.ar
www.ideotipo.org
www.iotbay.in
jacobburnstein.com
jilatnihya.pro
jitic.nl
jwvdh.nl
kccameroon.com
keenuts.net
keeth.me
www.kevin-haustein.de
kimbabcheonguk.ca
colostate.app.konch.ai
www.kreativepeeps.com
kuwais.sa
app.ladybidwell.com
guidestaging.lithodomos.com
teresa.macri.ai
www.mandlowitztraining.com
www.maskot.io
mazurekstudio.com
www.micuentodigital.es
mugibaku.com
mummoku.com
plixelmud.apps.mutecolossus.com
www.mythrill.app
apollo.n42.company
www.apollo.n42.company
unitforms.nedair.nl
app.dowell.net.ar
nuvolt.io
www.leo.org.in
originof.live
costco.parkalot.io
rc.petleo.app
poached.tv
edu21-beta2.prontosolucoes.com.br
www.redpumpkin.hu
www.regionsoilandgas.com
rer-a.fr
www.rgb.au
smile.samschmitt.net
www.seller-systems.com
situationcd.com
www.spoton-education.in
streamclub.app
l.suerte.studio
www.szerepcsere.com
teaminglis.ca
texnique.xyz
jolanda.tielens-aarts.nl
dashboard.timetri.app
demo1.ultof.com
certz.zac.ac
Other domains in certificate