Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.pickandchewz.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 27, 2025
Valid Until
February 25, 2026
88 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
3E:3E:F2:FC:54:87:24:F6:BF:8A:D0:FE:C3:83:DE:F8:C3:64:6E:E3:37:3F:8F:4B:76:BC:DF:E2:2A:39:EF:DE
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
kurse.juradelight.com
vendor-dev.1kmwine.com
www.adrienstevens.ch
staging.agent.aeroglobe.pk
akcjareaktywacja.pl
amphoros.nl
www.anima-web.de
lpd.dat.animoca.space
appspotio.com
apstudiomixdance.com.ar
admin.aquach.jp
aranzaxvasistencia.com
arvoan.com
alejmun.ashleyy.dev
bengotts.com
bilnad.se
www.bitappsteam.com
blumeterra.com.br
admin.bunnacafe.me
www.cardetailing.fr
chaahfashion.com
clef-phytoad.clef-innov.com
www.cocktailsguy.com
codeflow.live
tv.coibong29.app
ramushrestha.com.np
www.ctzen.mu
online.cuhkacs.org
cure.systems
td.dealescale.com
www.designingtransitions.org
diarify.app
doubletimesoftware.net
egraft.fr
wp-labo.esprot.biz
fregdee.org
www.galricho.pt
www.game7.in
gatekeeperofthekeys.com
hexango.com
www.hexango.com
horlick.me
nmgbao.id.vn
idrisslatewala.me
www.jarkevaajoukkoliikennetta.fi
joelalen.dev
www.jsonbhai.site
manager.jukumiru.net
www.karanja.xyz
knops.at
www.kvide.eu
basketball.lacrosselab.xyz
media.lpkmedia.com
mail-kompass.com
tread.matthewbeandev.com
www.mickvangelderen.nl
moolyank.com
www.moolyank.com
live.mrbugi.app
pic-betsafeontario.mentor-na.neccton.com
playrr.neea.dev
neue-rechte.org
outflank.com.au
sitetracker.pave.com
www.pickandchewz.com
pilnymartin.cz
salgskompagniet.app.playyourstrategy.com
www.portboard.com
psnchillers.com
pullotexpress.ma
ayuda.rappi.com
www.scoop.video
segurosmais.net
connect-dev.shoutugc.com
social-console.shoutugc.com
sicheronline.com
www.simpledartsscorekeeper.com
sinewavetech.in
app.smaforetagsbyran.se
www.sparkhousedigital.org
relookyourkitchen.speakylink.com
sysadmin-staging.staffshift.com
invite.streakmatch.com
tatamatkabazaar.com
www.teabench.in
teambbs.in
beta.app.thecoin.io
southampton.tieredtech.com
timpinetherapy.com
tribified.com
ubiforecast.com
unea.app
www.usp.center
washmecleanlaundry.com
alpha.weezer.fr
whilesoftware.com
dot.witeseb.website
dlbs.xlntapps.com
flags.yoojongwoo.com
go.zikup.fr
Other domains in certificate