DNS Gurus
Cached · just now
80/100 SECURITY SCORE

Certificate Information

Subject
CN=staging.designmat.ch
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 25, 2025
Valid Until
March 25, 2026 71 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
0A:B8:B7:30:88:27:CD:C7:77:AE:EF:3F:5A:58:C2:15:0B:1A:C3:5C:F9:1D:97:7B:3C:47:58:20:57:FE:95:3B
Alternative Names
100 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Configured (Restricts certificate issuance)
Current Issuer
Authorized (Matches CAA policy)
Authorized CAs
digicert.com comodoca.com globalsign.com pki.goog sectigo.com letsencrypt.org
Wildcard CAs
comodoca.com pki.goog sectigo.com letsencrypt.org globalsign.com digicert.com
Recommendations
  • Consider using critical flag (flags=128) for stricter CAA enforcement
  • You have authorized 6 CAs - consider limiting to only the CAs you actively use
  • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

100 domains
midmark.com.br

Other domains in certificate

staging.130rqs.com
www.aepsy.com
www.africanwomenamplified.com
www.agenticsolutionshq.com
demo.algoritmi.org
anupsolutions.com
admin.fares.anyware.software
dsr.apiprivacy.com
devapidoc.appfielder.com
www.appstitch.dev
innovation-day.arian.ee
astroalpaca.com
labs.augmity.com
book.aumthenticus.com
baroqueproperties.com
beeper.bcare.baby
www.beststockadvisors.com
burmsverzekeringen.be
c-oonet.com
capadvantagevendors.com
advertiser.casting-asia.com
www.dailyobjects.app
derp.casa
staging.designmat.ch
www.djlabs.cc
social.dsfootball.io
services.e-lares.com
eden4.tech
edveloper.dev
egregie.com
www.empowermatt.com
admin.staging.exchange.art
www.followthemoneysandiego.org
www.fulfod.com
kizuna.fun-japan.jp
furnisto.com
g360co.com
giuly.gabrielerossi.dev
gemma.art
www.getcalicocutpants.com
getprivy.io
johnlin.gig.bio
www.greenvilleservices.us
gruasleobardo.com
harveysettlement.com
app.hdistore.com
hoidung.com
hokuspokus.app
hoops-lab.com
neom.itxi.aero
www.jasscook.com
nandos.jeeblynow.com
www.jeroenmeij.com
share.jobbabu.co
kenrna.com
www.khaledbadran.ca
kirubaioffsetprinters.com
www.lacasetera.com.mx
www.learningstudioai.com
public.simplemath.linkpc.net
crossroads.lioncross.dev
litejsonformatter.com
manuelrdz.com
mawaisrehman.com
menuexpo.com
thegradhat.metis.club
montedosrolas.com
dev.myairpay.io
nathanrenner.com
observatoryzed.com
opinipo.com
mgt.oz-tms.com
pawelkarkocki.com
www.perle.me
godt.plassert.no
pos.aero
staging.promoguadeloupe.com
rifatv-demo.com
www.santythibaut.be
scapia.club
sinos.dev
www.skarvtech.no
app.slimmeboodschappen.nl
smuj.dev
vcgmsp.socio.ai
southeastenergybrokers.ie
supremeximp.com
www.susanvanderpool.com
themoles.synopsystems.com
appclips.tekhcorp.com
teluguloislamahamed.com
themovielog.com
thevibeaura.com
tm-vu.com
emailfooter.trudoc.com.br
twowheelstowork.com
umamirecipes.app
www.waxedbymolly.co.uk
demo.zaitark.com