SECURITY SCORE: 77/100
Certificate Information
Subject: CN=staging.app.ecp.merchantportal.us
Issuer: C=US, O=Google Trust Services, CN=WR3
Valid From: October 07, 2025
Valid Until: January 05, 2026 (51 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: 75:B6:3C:8D:2D:F0:F8:94:6F:D5:A8:20:A4:E1:9F:82:86:EB:02:4C:FD:D7:EF:B4:A4:C0:C5:EE:AF:F9:D4:6B
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers (Status)
Strict-Transport-Security: Present (max-age=31556926)
Content-Security-Policy: Missing (Not configured)
X-Frame-Options: Missing (Not configured)
X-Content-Type-Options: Missing (Not configured)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add X-Content-Type-Options: nosniff
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains