Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=instore-staging.pubq.se
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 11, 2025
Valid Until
January 09, 2026
60 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
33:78:00:DB:04:29:D7:A4:DE:BF:70:79:BE:87:D0:13:82:C4:31:D2:7E:6F:68:DD:AF:AE:84:84:87:76:6F:55
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
lemniscale.com
fb.12bay.vn
www.1mark.work
og.1stmain.co
tecnoid-trabajador.a2system.net
www.africaqualitysourcing.com
alexshaw.tv
studio.arkeis.tv
artandall.live
admin.atlaserp.com.br
bobuhiro11.net
cailean.tech
auth.centercheck-stage.com
www.chimswinetastingevents.com
clef-phytoad-va.clef-innov.com
api.climatesens.com
tahlil.centro.com.tr
cristobaldiaz.cl
cryptojyotish.com
www.csadigitaldashboard.com
curtaincall.app
cxode.com
danielfewell.com
www.deci-bel.com
lnh-ops-5.dev-ltl-xpo.com
mappdeeplink3.devpress.net
dexterawoyemi.com
chat.dheeraj.work
digitaldynasty.art
diniztomas.com.br
uniben.dev.portalcliente.divitech.com.br
dkaufzugstechnik.de
dons.live
db-uat.eclipx.xyz
www.edgeservers.biz
www.efficientsolutions.com.mx
flocking.evos.studio
www.fountaininnla.com
funee.jp
anagrafica.gestionaleconsumatori.it
kbmobile.globaleur.com
gscps.com
app.hybridstep.com
instaair.io
www.interlox.com
affl.invezt.in
javacw.pt
www.jet-91.com
jugasalfutbol.com.ar
tajglass.kuruvi.app
test.l7bear.com
lexcraft.eu
lmaoo.wtf
pro.lonvi.com.br
www.lotteryofbabylon.com
www.marvil.cz
app.matclan.com
metrodip.com
miracl.cloud
www.moonwalkerventures.com
muftiyasir.com
natcg.at
qr.nowait.kr
webinars.okfelix.com
resumes.orangit.fi
outthegc.com
pentagon.partnerhub.co.za
quiz.penieltabernacle.com
perfecttablettools.com
www.petalspharmachem.com
www.plenavidabeneficios.com.br
pocodosucuri.com.br
podcastediting.hu
admin.ponlaya.com
billing.posible.in
l.presight.io
instore-staging.pubq.se
www.rashigandecha.com
cms.redkiwiapp.com
admin.rocery.in
rushowl.sg
salonjosie.com
www.satishnambisan.org
www.sicobphle.com
votorantim.hml.sigaonline.com.br
staging.socialchat.id
soft-cloud.org
sport-sindikat-glosa.si
woombat.stepinsight.com.au
auth.hangtime.stevie-ray.nl
www.storyarchitect.app
thesattvatech.com
www.thornzfitness.com
topfishingnetwork.com
try999.com
www.ventureboost.ai
waseda-juken.com
wearestint.com
yaroslavkravchuk.com
www.ziria.in
Other domains in certificate