Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=costslog.valu-app.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 05, 2025
Valid Until
February 03, 2026
70 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
1A:57:F6:E3:8E:FF:93:C9:41:D6:6F:C4:D0:8A:4B:A2:C3:05:89:DE:5B:27:69:1F:E9:C8:DA:74:75:5D:4A:36
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
meowgram.online
shenandoah-test.3dcloud.io
portal.5loyalty.com
actably.com
www.aimethods.co
ajmancarrecovery.shop
ambitionist.app
argentinaredteam.org
avalaunch.app
aypdevelopment.com
www.baadesaba.me
www.parkbliss.baobao.digital
app.bookmyappointments.com
borderaid.org
bri.gifts
admin.bunnyklawz.com
capricornbusinesshub.au
chrisw.app
hojaega.co.in
paperpal.co.in
uzmind.co.zw
reservation.craftsanddrafts.com
auth.c2f.cyberhaven.io
deepquestions.co
myfirsttestapp.devpress.net
www.drdadds.com
dvlpr.com
easyscratch.app
edmusicaforms.com
jope.edsys.com.br
www.ekomatik.edu.pl
electric-studio.jp
fareedalogistics.com
fixmateusa.com
foodforthought.site
www.glassbae.ca
invoice.gplusf.com
www.greenapeyzaj.com
portal.staging.hamletco.space
iasiri.com
admin-develop.judicialappointments.digital
kooiboys.nl
erp.law-hub.fr
learnie.app
assets.liamskinner.co.uk
www.lignitesolutions.com
lorenzobaratti.it
markhamalignment.com
www.maykstreetwear.com
mobile.mywoti.com
auth.nekomi.club
niemans.website
www.nikugames.com
pagos.nni.ai
letter.note15.jp
arguslib.ogad.uk
voice.olaelectric.com
www.pantrycalculator.com
www.planciarnia.pl
www.planyourcargo.in
www.polyvios-patseadis.gr
www.printtoebook.com.mx
resources.proba.earth
renegadekitchenco.com
www.rightmarkdrivingschool.co.uk
www.salesmrkt.com
www.samething.ca
devops.sezerious.com
www.ghanata.shsreport.com
sierramonte.pt
www.sociallotion.com
blog.spellblaze.com
deeplink.squadeyh.com
srebpl.com
stolltax.de
auth.atomi.studyo.fi
scm.synth365.com
auth.taketours.com
tree.techortree.com
redproxy.telecomax.com
tevrao.com
mosaic.vixi-staging.thefamousgroup.com
tourshield.app
triana.in
www.tuhrn.com
paternalfitness.turnosweb.app
www.useexponential.com
costslog.valu-app.com
www.vanko.io
www.vargas.ooo
verdgood.com.br
www.viticly.com
fyp.wandanial.com
www.webworksdigitalagency.com
whisper-voice.com
yiyifangyuan.com
youbead.com
auth.yoyofan.com
ytmdesktop.com
zafiro.app
Other domains in certificate