Open
Cached
·
just now
89/100
SECURITY SCORE
Certificate Information
Subject
CN=www.bookey.org.uk
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 15, 2025
Valid Until
March 15, 2026
83 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
F1:13:38:DB:6A:1F:5D:1A:FA:10:B3:17:62:42:02:99:E2:6B:BD:B3:0C:BE:CD:39:01:D2:FA:3C:AD:2B:91:97
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
Content-Security-Policy
Basic
default-src; script-src; connect-src; +6 more
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adtrafficquality.google https://*.iubenda.com https://*.posthog.com https://*.googlesyndication.com https://*.gstatic.com https://*.google.com https://*.apple-mapkit.com https://cdn.tiny.cloud https://static.zdassets.com https://*.googleapis.com https://*.stripe.com https://apis.google.com https://*.facebook.net https://www.googletagmanager.com https://*.clarity.ms https://cdn.firebase.com https://*.firebaseio.com; connect-src 'self' https://*.facebook.com https://*.adtrafficquality.google https://*.iubenda.com https://*.posthog.com https://*.gstatic.com https://*.apple-mapkit.com https://cdn.tiny.cloud https://mxtickets.zendesk.com https://*.zdassets.com https://*.cloudfunctions.net https://*.google-analytics.com https://*.clarity.ms https://*.ingest.sentry.io https://*.firebaseio.com https://*.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' cdn.tiny.cloud fonts.googleapis.com fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.iubenda.com https://*.posthog.com https://cdn.tiny.cloud fonts.googleapis.com fonts.gstatic.com; img-src 'self' https://toolbox.marketingtools.apple.com https://*.googlesyndication.com https://*.adtrafficquality.google https://*.google.com https://*.apple-mapkit.com https://*.gstatic.com https://*.tinymce.com https://*.facebook.com https://*.bing.com https://*.clarity.ms https://flagcdn.com https://i.ytimg.com https://firebasestorage.googleapis.com data:; frame-src 'self' https://*.adtrafficquality.google https://googleads.g.doubleclick.net https://*.iubenda.com https://*.googlesyndication.com https://www.youtube-nocookie.com https://*.google.com https://mx-tickets-dev-alex.firebaseapp.com https://mx-tickets-dev.firebaseapp.com https://mx-tickets-production.firebaseapp.com https://*.stripe.com; worker-src 'self' blob:
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
mx-tickets-staging-alex.robinheat.io
aaitcse.com
data.adv.red
ajovuoro.fi
zumzum.app.br
arrowindustrial.com.mx
training.astrashield.net
azcrash.com
www.bipolar-mood-diary.com
www.bk88bk99.com
www.bookey.org.uk
firebase.bpmx.com.ar
brigade-halo.com
briskrenewables.com
www.chordx.app
crunchyroll-prod-api.closedcaptionconverter.com
groneshedtech.co.in
www.groneshedtech.co.in
certificados.codedojo.com.br
backoffice.spirit.com.do
cayirova.gunesproje.com.tr
aromasysabores.corntech.com.mx
api.crdls.com
crosscountryfantasy.com
corporate.cu-ra.net
data-visions.de
www.desarrollooperativo.com
fx.digitagram.com
disrupttechlabs.com
dromeduo.com
ecoidsystem.pl
elcarteroec.com
www.electriphant.io
www.eonrocks.com
book.estim.co.jp
evazee.com
docs.testnet.everstrike.io
www.fairsprint.com
filamentowl.shop
www.fokusgesundespferd.com
garanted.ru
www.ghien.vn
www.globaljob-dz.com
grahamstyres.co.uk
docs.hapihub.com
hellie.online
www.howlongtowork.com
www.inno-soft-tracking.com
intosoundhealing.com
iopeoples.com
jaayeka.shop
wysiwyg-web.jazertechsolution.com
www.jetpackwandererpress.com
www.joseantoniomesa.com
www.jtcarlos.com
www.kannyslab.com
app.karaokemanager.com.br
kaustubhjoshi.com
www.livemachine.com
www.losangelesinversiones.com
medqr.com
mesadelaboratorio.com
naokisato.work
web3.nodostech.io
www.nolanclark.co
odsalumni.in
www.ontolabs.com
iticket-staging.oresundsbron.com
go-staging.perkypot.com
celerity.portfoliolink.co.za
dev.proinvoice.co
pskj.world
www.ptrcknchlsn.xyz
www.rajawewaresort.com
www.regtcphmx.app
ricardofranca.me
www.saajcleaning.com.au
sdconsultants.com
sebastiangarzagarcia.com
54thworkshop.skkudramaclub.kr
st-design.be
summanenlaw.fi
www.talviwear.com
www.techprimis.com
connect-staging.timeless.investments
tradeversellc.com
christchurchcloud2.ufg.co.nz
www.unilab.health
url24.live
engenharia.usucampeao.com.br
staging.v-l.dev
vgbcglobal.com
www.video-jockey.com
vietglobiz.com
accept.visualtourbuilder.com
smoula.vojtechstefek.fun
vsoftech.net
backoffice.pulsabi.web.id
www.willowbeauty.in
www.woordle.de
Other domains in certificate