Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.fantasygolf.io
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 10, 2025
Valid Until
January 08, 2026
50 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
99:89:A4:FC:9B:1A:1B:57:0D:8C:84:F1:7B:9B:17:6C:39:2A:39:14:F0:58:AD:3E:7A:9A:47:3D:A5:EB:70:57
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
test.storydsoftware.app
app-plus-scoring-dev.1stcutoutings.com
www.3-chess.com
beneficios-dev.aclspa.com
aesvg.adaept.com
www.afterplanner.com
agroforst-planungstool.de
www.alleystrengthandnutrition.co.uk
allstudio.app
apilocks.com
paymentbar.appstitch.dev
aurore.net
bieritor.com
app-hmg.biud.com.br
projects.cameron.rs
mpayer.co.ke
www.codeclick.dev
vco.admin.convercus.io
www.danieltoos.com
diretodostrens.com.br
dndspellcheck.com
app.dogtopia.com
dotjobs.org
www.enginemedics.co.uk
faisalgedi.com
www.fantasygolf.io
backend.favstay.com
practice.firewerkz.dev
foodtolls.com
dk.gforce.nu
ghost.earth
auth.gwop.co
eopen.harcourtsapps.com
hidra-brand.com
hsbomfimcontabilidade.com.br
url.igemas.com
innocard.digital
innovationlabs.uk
ivansanchez.dev
link.ivoyance.app
jaleo.app
beta.jobeez.be
www.juancardona.dev
dev-app.keitan.jp
classroom-guardian.kennethhau.com
link.krumod.app
admin.leandrorolim.com.br
legalsofttech.com
www.linvo.app
livestocktransportnetwork.com
www.lynxbe.net
masaki-nonaka.com
mechdesign.co
www.mohammadsahal.com
bugs.msiejak.dev
www.msiejak.dev
muscatinemutual.com
play.namenix.com
neper.app
gdcatv-csm.cns.net.tw
notafoodblog.org
boname-gerling-quartier.menu.operate-app.com
fitprovas.fitec.org.br
ossbot.computer
ozgn.dev
h.panda.pe.kr
affiliate.penji.co
app.pitangoo.com
v1.plantsforcats.com
app.postcube.com
www.pour-data.com
docs.projectrotini.com
www.qlog.in
readingchineseschool.org.uk
bluecor.redfox.dev
sales.rinkt.com
rosy.com.ar
runk.app
www.ruthfee.com
scucourse.net
dev.simpleinjection.com
www.sphoorti.com
stojanowski.consulting
www.straticgames.com
invite.stringboard.it
sm.suplo.vn
fidelite.surfaceimports.com
sydekick.dev
www.szkolatanca.app
calls.targetreach.net
teambuildinggamesworldwide.com
www.thesuites.app
www.thinkitsoft.com
www.tikicheck.org
demo.turboradiology.com
viewin.ar
thoothukkudi.vishnutaxi.com
tirunelveli.vishnutaxi.com
medevasion.viveit.cl
www.x-hive.cc
Other domains in certificate