Open
Cached
·
just now
82/100
SECURITY SCORE
Certificate Information
Subject
CN=heyapp.net
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 14, 2025
Valid Until
January 12, 2026
58 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
AF:20:81:AF:29:A3:35:14:BC:BE:97:91:63:B4:5A:38:35:01:32:8E:23:2F:42:16:27:3F:90:0E:46:30:6B:B1
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Good
default-src; img-src; media-src; +7 more
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
swan-driverportal-test1.ingogodev.net
2021.eventsourcing.live
www.a1taxigo.com
pics.agazagraba.com
www.alyx.live
applicateya.com
appvantage.io
atomitie.fi
www.aurinext.com
bdalil.com
bersatusmart.com
app.bewiki.com.br
bizuia.com
www.bizuia.com
www.bjorkdahl.dev
bluearas.bluearas.cloud
brillosolar.in
brockkrusemark.com
budgetcarslondon.co.uk
choosy.us
pappasbuilders.co.in
www.code2seq.com
dcsunvolt.com
www.employmentwale.com
www.enducloud.com
dev.everest-automations.com
everest-automations.com
dynamiclinktest.fairlight.nu
www.fanchoiceawards.co.za
www.fansaves.com
www.fdvof.com
www.finnchat.ai
www.fonelabs.com.au
www.fracviz.com
totem.frin.fr
feedback.fyneapps.com
www.garagesalecommunity.com
dev.gestioncamssa.com
www.getspeakin.com
gopheresearch.com
greenlineservice.ge
app.guestdash.com
www.habireco.com
heyapp.net
auth.staging-hub.hoxby.com
ibrahimeren.com
ducnguyenit2.id.vn
www.influly.co
intervumate.com
compe2.iry.golf
james-culpepper.com
resume.jenniferwadella.com
konflikt-boardgame.com
homeins.koverageone.com
portal.langaards-stiftelse.no
librilo.pl
livecode.la
lovingarmsorphanage.com
lucidityapps.com
www.lupamerch.com
preview.maid.tw
www.mandarinejam.com
mangakaizen.com
michaellynnsmith.com
minominolyly.net
miyagitech.pro
moonsdental.com
ar.mortonsalt.com
films.informacion.my.id
google-otter.nextinline.io
nixosch.de
www.oscarhelgesson.com
ozgurgorgulu.com
peterzorve.com
www.plog.me
portfolioanalyser.com.au
radiovisionandina.com
repuestosrq.com
app.retail-hawk.com
solitaire.richbrown.com
rolapp.site
satsoft.io
pe360-online.sheremetat.dev
skyenergysolutions.ca
www.smile-award.net
www.stringsdb.com
pateliafamilytree.talhahpatelia.com
www.tbrapp.co
techbyvishesh.in
textmyhomes.com
www.tiborbuzasi.com
panel.tooltips.cl
tutortide.online
s.upw.li
uttarpradesh.tech
bingo.womankind.org.uk
workplan.cl
www.wortbaum.com
www.wyral.co
zorobyte.in
Other domains in certificate