Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.pick.io
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 26, 2025
Valid Until
December 25, 2025
49 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
59:3C:16:98:78:D6:EF:C5:F9:DB:F4:F5:D8:E3:C1:6B:78:3F:CC:37:B8:84:4E:8D:1E:C0:F3:8E:87:11:8E:DC
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.andspacehk.com
www.aliceseguros.com
aparca.com.co
sub.auto-voicing.com
bestellen.avondwinkeloranje.nl
bigsnudistcolony.com
brasilamericano.com
bussin.net
go.candylabs.de
www.cipheria.pro
clapcampus.kr
www.clinicasdentup.com
www.comfortlab.ru
link.cosmile-info.eu
webhook.dash.bar
www.dauerhaftsolutions.com
admin.deglaze.app
app.depthfirstcoding.com
trackway.dibarto.nl
event-finder.diligently.pl
doublebooks.com
www.edeng.dev
emojiwallpaper.11010011.xyz
evergreen-labs.com
farnhamanddistrictwindowcleaning.uk
www.financeskillstraining.ie
fod.live
react-beginner-ride-sharing-app.gdsclsu.com
smartspace.gentrop.com
gnews.buzz
seller.goeatnow.co.uk
staz.goedenacht.app
bridge.gojiswap.exchange
hamedceramics.com
www.haumsung.com
www.hivelabsinnovation.com
hothparkhouseband.com
iacrm.pro
app.ibofk.com
ibus-peru.com
imcaz.co.uk
www.inquiry.online
www.ins-coffee.com
mykola-viktoriia.invito.link
www.joanus.com
www.jscimoveis.com
develop.pet-connect.karottenkameraden.de
auth.kontaktlinsen-preisvergleich.de
www.kovacdaniel.com
www.lesik.site
www.lior.lol
developers.looker.com
martelliengineering.it
www.matimbaenergy.co.za
cop.mdr.net
www.motive-force.com
www.multa.cc
sandboxv2.backend.mycosense.app
www.neckerbauder.de
beta.verity.news.net.au
www.nobuco.at
www.oliverv.xyz
omnieden.com
openlyne.com
orion-next.com
www.peugeot-foret.com
www.pick.io
link.endpointsecure.play.pl
playpocketpoker.com
escapedb.pp.ua
pradco.in
pratyu.sh
www.pswac.org
app.psychicsource.com
purelocate.com
dev-app4.safetytek.ca
www.sebastiangamonal.cl
securius.tech
soledxb-vendorportal.com
www.sophiefuji.com
admin.souler.com
php-the21.spwn.jp
sqout.net
www.supercolor.sk
core.svolme.net
technakriti.com
www.textspeakpro.com
thepostroster.com
thevy-mahal.com
payroll.tidalforce.org
tomkrepp.com
ambev.insights.umanni.com.br
www.uxinkc.com
texte.wanke.jetzt
www.waplat.com
whistlerecruiting.app
staging.williswelby.net
admin.wl.team
hearts.yocto.ca
bads.zone.id
Other domains in certificate