Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=devapp.bookingapp.online
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
January 07, 2026
Valid Until
April 07, 2026
83 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
0F:FE:FF:B0:F1:4B:51:83:A6:33:58:50:5C:42:1B:60:9F:F0:A7:2B:5D:00:B6:45:B3:CB:70:F2:E3:26:D1:3D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
sbtr.net
2gowith.me
sherlocktalent.3diq.com
go.advanda.app
www.agapetherapy.co.uk
www.agendacinemadesenfants.com
ai-query.live
www.amazonasaquatics.com.au
digitalrock.amrgharieb.com
appcopypaste.com
services.aquaroseirrigation.com
link.axisme.net
www.bleumes.com
devapp.bookingapp.online
www.camera1.app
ambulancezorg.cao.app
helpdesk.careandshare.vn
inst.clau.io
quantum.com.kw
orisun.com.ng
cracky.in
cutoff.live
www.ddtandfamily.com
dealtata.com
duder5000.com
eaganfootball.org
edatoolkit.com
everestunited-taekwondo.com
www.everestunited-taekwondo.com
everettrogersmusic.com
www.evozone.app
flightclub.one
freelightroom.com
gabrielesabatino.it
links.gasgas.app
gemcloud.info
www.giorgioprovenzale.it
globalscalesolution.org
goldenhillpainting.com
ha-rue.com
design.hark.eco
worklife.links.healo.app
healthcheckscore.com
hegde.co.uk
app.hookle.net
www.inciteinteractive.ai
nuka.ipiak.com
hkl-pb.jec-digital.com
www.jma.ae
www.jocelyngallegos.com
jorgegrullondev.com
www.jplisdorf.com
www.keepweightoff.net
erpalerts.kgplife.com
langhausenenterprises.com
www.laplandairports.fi
mansishrivastava.in
larbmuang.mapleworkspace.com
solva.staging.mikademy.vn
miltierras.app
gov.mockexam.online
www.mocklets.com
modware.lat
go.mowede.com
www.multired.net
www.nathalystudio.com
neogreen.ro
neurave.net
clear-tnpsc-tamil.nibunan.in
nitaysheffer.com
www.od-werks.com
skoda.ogaspaas.com
oneclickcasting.com
opticasvisionside.com
orthotrauma.care
pasalavoz.online
admin.plany.site
plany.site
app.quotemyorder.com
corporate.reachout.ltd
ror.gy
roytown.net
ryantenor.io
sacredriverboats.com
sumairastudios.com
surveym3.com
bodacolatolopez.swanmoments.net
tansikhadayek.com
trelto.com
typingoh.com
ujaval.com
www.vipteccj.com
vishnuprakash.in
vsits.la
www.vspazetechnologies.in
www.wanuaade.com
www.web-dojo.xyz
yamahar7.autos
yorozuya4628.com
zephyrhillmusic.com
Other domains in certificate