Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=staging-chanel.lefty.io
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 06, 2025
Valid Until
January 05, 2026
51 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
8F:2B:E4:30:4E:32:0F:CF:38:57:43:80:C1:63:A7:B9:9A:2B:C4:14:5A:E1:AE:91:2F:76:B6:A4:62:39:B7:1E
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.baglayan.dev
9mile.us
paymentpb.aaa-fta.com
actini.us
eziomotiv.aerogram.in
eye.aisuperior.com
amiinaporn.com
angelapastorinteriorismo.com
beta.backstaige.com
www.bajoneando.com
my.dev.bioracermotion.com
www.whp.bmgomg.com
werk.bodgroep.nl
gims.btgzim.com
www.campagapevermont.org
app.cloudscaff.com
reduct.codin.ch
www.coloriseverything.com
www.contentmate.ai
dinamikprimapersada.com
www.discast.com
www.djdavidson.com
drinks-up.com
drumshopcr.com
now.emproltda.com
elucidate.erbridge.co.uk
sprint-wrh-portal.exitest.com
fing.app
facturacion-qa.fraiche.cloud
welcome.frienli.com
www.frodoe.com
getsafeapp.com
app.groupe-prevensys.com
bo.helloado.app
www.hialeahpermits.com
howfucked.is
clinic.injurymap.com
www.inquire.online
instantbeautyapp.com
app.intertennis.com
babylasertag.jam3.com
www.jameseskew.com
www.joey.team
www.johnfoushee.com
www.kbwedding.be
koenig-ludwig-stuben.net
kosmoswma.com
of1.ksug.ai
lalimit.io
www.leader-delivery.com
staging-chanel.lefty.io
app.manosseguras.com
mapocaco.com
marcelcominotto.be
www.matrixy.co
www.maureenduffcasting.com
measuredtrader.com
healthcare-uat.microba.com
www.middlecar.com
cobiene.mil.pe
minarental.com
truckie-concept.mortensoncreative.com
app.music-hub.com
doctores.mymoons.mx
www.nakamoto.net
link.nextstepgoodlife.com
ngtoronto.dev
ninerasa.com
suda.okd.kr
oodlesbooks.com
dadskeyboard.peep.wtf
peoriasfinestllc.com
raaonlinecertify.com
clientes.stage.recora.mx
rootedfaith.org
trayectoriaest.satelite.ai
sayhello.cash
scripturegames.com
shutterfly.studio
lnk.sidp.me
www.slowsolutions.com
smithwithatypo.com
erpgsjm.solutionjm.ca
app.sophrosync.ca
stellarmobi.com
api.streamos.co
hulah.strollhere.com
visitor.strong.no
www.subsoo.com
staging-app.teamtoolsapp.com
thebritspub.com
www.tucao.ca
pdt.usp.center
virtualdepartments.com
xnr.p.w3.app
www.waas.me
whereswork.com
links.wishlistr.app
yudachi-shinko.com
app.zupay.in
Other domains in certificate