91/100
SECURITY SCORE
Certificate Information
Subject
CN=app.staffwriter.co
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 24, 2025
Valid Until
February 22, 2026
84 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
7B:0E:83:DC:96:63:A8:55:D5:E1:47:DA:16:FA:53:7C:BA:7B:52:94:B8:25:37:E5:1C:FF:CB:E3:7E:91:9E:5C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Basic
default-src; script-src; style-src; +9 more
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com/js/api.js https://embed.tawk.to/ https://apis.google.com https://www.googleadservices.com https://www.clarity.ms https://cdn.jsdelivr.net https://www.clarity.ms/tag/* https://www.youtube.com/iframe_api https://www.youtube.com https://cdn-cookieyes.com/ https://checkout.stripe.com https://*.hotjar.com https://connect.facebook.net/en_US/fbevents.js https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com https://js.stripe.com/v3 https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-239db17d86d6320632b024ca9e43ba9c.js https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js https://js.stripe.com/v3/*; style-src 'report-sample' 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://embed.tawk.to/ https://fonts.googleapis.com/; object-src 'none'; base-uri 'self'; connect-src blob: 'self' https://checkout.stripe.com https://embed.tawk.to/ https://z.clarity.ms/collect https://j.clarity.ms/collect https://googleads.g.doubleclick.net https://va.tawk.to https://o.clarity.ms/collect https://www.google.com https://b.clarity.ms/collect https://*.cloudfunctions.net https://u.clarity.ms/collect wss://*.tawk.to https://cdn-cookieyes.com/ https://log.cookieyes.com/api/ https://stats.g.doubleclick.net https://*.googleapis.com https://*.hotjar.com https://fonts.gstatic.com https://www.gstatic.com https://*.hotjar.io wss://*.hotjar.com https://content.hotjar.io/* https://region1.analytics.google.com/g/ https://region1.analytics.google.com/g/* https://analytics.google.com https://*.hotjar.com https://www.google-analytics.com https://*.google-analytics.com https://js.stripe.com/v3/* https://vc.hotjar.io/sessions/*; frame-src 'self' https://propoze-production.firebaseapp.com https://propoze-production.web.app https://propoze-dev.web.app 
https://go.propoze.app https://propoze.larva.cloud https://propoze-staging.firebaseapp.com/ https://propoze-dev.firebaseapp.com/ https://checkout.stripe.com https://www.googletagmanager.com/ https://*.hotjar.com https://js.stripe.com/ https://js.stripe.com/v3 https://js.stripe.com/v3/* https://propoze-production.firebaseapp.com/; img-src 'self' data: blob: https://*.stripe.com https://googleads.g.doubleclick.net https://s3.amazonaws.com/tawk-to-pi/ https://grow.propoze.app/ https://firebasestorage.googleapis.com https://embed.tawk.to/ https://www.google.com/pagead https://c.clarity.ms/c.gif https://tawk.link/ https://cdn.jsdelivr.net https://www.google.com/images/* https://c.bing.com https://www.google-analytics.com https://cdn-cookieyes.com https://*.google-analytics.com https://js.stripe.com/v3/* https://api.producthunt.com/widgets/ https://m.stripe.com/* https://www.google.hr https://fonts.gstatic.com/ https://www.googletagmanager.com/; manifest-src 'self'; media-src 'self' blob: https://firebasestorage.googleapis.com; worker-src 'self' https://propoze-dev.web.app/sw.js https://propoze.larva.cloud/sw.js https://go.propoze.app/sw.js; font-src 'self' https://script.hotjar.com https://embed.tawk.to/ https://fonts.gstatic.com/;
X-Frame-Options
Excellent
deny
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Present
payment=(self)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
Other domains in certificate