Open
Cached
·
just now
83/100
SECURITY SCORE
Certificate Information
Subject
CN=wojas-bazgrolety.pl
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
January 13, 2026
Valid Until
April 13, 2026
84 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
C5:D2:DF:F6:73:7A:39:B9:64:DD:18:62:8C:4E:BA:F3:E3:08:F5:51:EA:2B:A5:79:C9:DF:E9:27:DC:84:7D:DE
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Basic
default-src; prefetch-src; connect-src; +6 more
default-src 'self' https://prod-api-2.setkeeper.com https://api.setkeeper.com https://melusyn-prod-document-output.s3.amazonaws.com; prefetch-src 'self'; connect-src 'self' blob: https://api-iam.intercom.io https://uploads.intercomcdn.com https://ip2c.org https://viewlicense.adobe.io https://api.giphy.com https://prod-api-2.setkeeper.com https://api.setkeeper.com https://melusyn-prod-documents.s3.amazonaws.com https://melusyn-prod-people-attachment.s3.amazonaws.com https://melusyn-prod-document-input.s3.amazonaws.com https://melusyn-prod-message-images.s3.amazonaws.com https://tracker.setkeeper.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com wss://prod-api-2.setkeeper.com wss://api.setkeeper.com wss://nexus-websocket-a.intercom.io https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com;; font-src 'self' data: https://cdn.setkeeper.com https://fonts.gstatic.com https://js.intercomcdn.com; frame-src 'self' blob: https://accounts.google.com https://app.hellosign.com https://content.googleapis.com https://docs.google.com https://www.youtube.com https://www.dailymotion.com https://player.vimeo.com https://js.stripe.com https://intercom-sheets.com https://acrobatservices.adobe.com https://*.appcues.com;; img-src http: https: data: blob: https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tracker.totango.com https://js.stripe.com https://api.dmcdn.net https://apis.google.com https://cdn01.boxcdn.net https://js.intercomcdn.com https://maps.googleapis.com https://s.ytimg.com https://s3.amazonaws.com https://ssl.google-analytics.com https://accounts.google.com https://widget.intercom.io https://www.dropbox.com https://www.google-analytics.com https://www.youtube.com https://*.appcues.com https://*.appcues.net https://acrobatservices.adobe.com; style-src 'self' 'unsafe-inline' https://cdn.setkeeper.com https://fonts.googleapis.com https://*.appcues.com https://*.appcues.net https://fonts.google.com; worker-src 'self' blob:
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
login.setkeeper.com
services-portal.5inline.io
gb.foresight.adgile.media
pa.analyseredskab.dk
link.andray.xyz
shop.anytag.tech
worldwine.appshare.com.br
appvendere.com.br
ashqapp.com
www.basarugur.net
benjmann.net
dev.app.bgcwolfcreek.com
blackmird.nl
hourhive.bluewings.in
app.bundchenarquitetura.com
ca-360.com
mms.captivate.games
cartofight.com
github-topstars.cawpea.me
jangkar.fgi.co.id
havn.co.in
clinicdata.co.kr
link.codama.fun
auth.coifflib.com
conceptotecno.com
connectsocial.me
drivetrack.dakshesh.dev
link.dancyco.com
devtiwari.de
domeds.es
duey.org
fci.uteq.edu.ec
p2igtest.emt.cl
m.fabcars.com
fit-match.co.uk
aisharing.frontline.rocks
girosdedinero.com.ar
goa.live
hometragop.vn
lehuunhan1208.id.vn
imipgroup.vn
invasset.app
account.investably.io
issin-sougyou.com
www.jcspgh.com
jickuwait.com
www.jmkt.digital
www.juliushenke.de
k-k-d.moe
www.katpark.me
menu.keralatiffin.com
www.littleflowerspendurthi.com
www.app.livestocktransportnation.com
apps2.lumapps.link
luuvan.site
marian-klose.com
muronix.in
mycalc.org
newjerseyfoundation.space
pablomiguel.com.br
padelistics.com
privacypolicy.panchalsonar.in
www.peerly.dev
perversetraverse.com
www.petersondalyfarms.com
quizgamepro.pixofun.com
mieapps.pp.ua
id.author.questiory.com
www.redboxpizza.com.br
www.redsols.us
salonsign.io
saveforlater.pro
ga4conf.sem-technology.info
smartplan.no
solasun.vn
reviews.sovae.de
www.spacexdata.info
spotpay.eu
sridwarakadheesh.investments
virudhunagar.ssddroptaxi.in
subidson.in
threedb.net
trustcore.in
portal.turn-keymedia.com
test-stores.ulsemo.com
fiesc.insights.umanni.com.br
universalenterprises110.com
benchmark.valuestocks.io
www.veehivelabs.com
www.veglegeszsirbontas.hu
www.venetrivia.com
viewcryptos.com
viewengine.studio
voterbee.io
webraid.shop
masos.whyq.com.au
wojas-bazgrolety.pl
www.xbiologix.com
www.zaprepasse.com.br
share.zunocabs.com
Other domains in certificate