Security Score: 77/100
Certificate Information
Subject: CN=goerli.staging-portal.zksync.dev
Issuer: C=US, O=Google Trust Services, CN=WR3
Valid From: October 04, 2025
Valid Until: January 02, 2026 (47 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: 5B:3C:AE:22:DD:DE:D3:36:BF:03:9D:A0:EC:78:4A:9B:EB:21:89:DF:A6:B5:17:4C:58:62:BB:E3:84:C7:8C:45
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Strict-Transport-Security: Present (max-age=31556926)
Content-Security-Policy: Missing (Not configured)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured; any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains