Security Score: 80/100
Certificate Information
Subject: CN=pay.basistheory.gr4vy.app
Issuer: C=US, O=Google Trust Services, CN=WR3
Valid From: December 27, 2025
Valid Until: March 27, 2026 (72 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: 83:1C:6C:BB:88:91:B5:B4:3B:1D:A3:91:A5:01:5A:64:E1:F8:52:3B:68:C7:BD:D6:06:D5:C9:59:87:F1:45:0A
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
| Header | Status | Value |
| --- | --- | --- |
| Strict-Transport-Security | Present | max-age=31536000 |
| Content-Security-Policy | Missing | Not configured |
| X-Frame-Options | Missing | Not configured |
| X-Content-Type-Options | Good | nosniff |
| Referrer-Policy | Missing | Not configured |
| Permissions-Policy | Missing | Not configured |
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Add Content-Security-Policy header to prevent XSS attacks
- Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured: any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains