Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=auth.swimm.io
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 06, 2025
Valid Until
January 04, 2026
49 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
78:51:57:3E:CE:52:6E:F1:44:A5:5F:DC:47:C6:88:1B:8D:4E:78:D0:D1:03:D9:38:6A:9C:1B:87:5A:6D:32:D9
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
olansley.co.uk
www.710calc.com
app.afriendliercompany.ca
maps.agrisense.live
aliz-in-wonderland.com
go.alta.school
promociones.alvarezysanchez.online
analogybot.wtf
time.anb.codes
www.asemali.com
asftechgroup.com
www.atisha-aman.com
ab-inbev.badak.io
www.betbro.ca
brian-fouts.com
byron.page
www.cdrvalkyrie.com
web.centraldasapostas.net
www.charvimittal.com
chatsquad.io
bv.ck.ua
fw.clom.dev
verify.cmenu.ca
invite-meet.ktworks.co.kr
www.atos2.co.kr
swx.coolworx.us
crispdemo-uat-orders.crispnow.com
dentalya.eu
aem-5.dev-ltl-xpo.com
donationcharityapp.com
dossiermade.com
account.downit.app
wwws56834755.engly.com
admin.escape-if-you-can.online
www.existentacle.co.uk
cloudlog.ezcast.com
globaldigits.org
groupegavi.com
app.haulier.one
links.hokto.jp
nigemizu.housekinoa.me
hpmsgraphite.com
app.hvr.world
afikoman.idancohen.com
inqjournal.com
app.itkat.de
kikenyatours.com
kinnargata.is
pro.knockk.app
lotusbookfolding.com
l.maxab.io
mosbor.ru
gridbuilder.myraceday.io
quintessentially.neoufitness.com
streams.nightspeller.net
nimblelabs.org
nofikrgroup.com
pa-sase.stg.appsvc.paloaltonetworks.com
dashboard.pendolaproject.com
philippealbertelectrique.com
admin.picksixtyfour.com
pivotlabs.vc
po-bitenc.si
staging.portal-patient.com
profileofmigal.dev
www.pyret.life
snook.quakerproject.com
au2.oms.resbutler.com
ricdaza.com
seva.sagisu.com
webhook.salesmaxxx.com
sandgroup.solutions
www.savelyapp.com
www.sawhgr.com
www.shortshort.report
www.smh.wtf
link.socios.com
lifefitnessvx.sphure.app
links.st6.io
stackscout.io
stella-och-ginas-jul.se
www.strandoase-am-edersee.de
auth.swimm.io
www.tangram.nz
testbdsm.org
thecodingbiochemist.com
www.thecryptosharks.net
www.thinkin-apps.com
events.tsgwdc.com
vidbax.com
app.visionbook.com
l.visioncare.lk
vkinventions.com
cambridge-app.wmaws.net
app.wowdesk.jp
sdk.wowtalk.jp
resume.yashanand.work
yoyo202403.com
www.zero-budget.net
zy-ang.com
Other domains in certificate