Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.flightpad.app
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
December 22, 2025
Valid Until
March 22, 2026
87 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
25:7C:FC:E8:61:37:11:55:4C:10:43:11:AE:E3:54:A2:0B:C7:EA:BF:03:3A:8B:AB:D5:13:7E:72:76:50:83:02
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
www.flightpad.app
test.5kfoamfest.com
siparis.akdenizglobaltekstil.com
aliendeergames.com
www.aniplast.it
apunto.app
areeba.ca
axislabs.space
ayharano.dev
beergolfcart.com
bigmoca.nl
agr-dev.bollo.com.ar
www.casaflorina.gr
www.cloudxim.com
alumdab.co.il
billscopeai.thearchitect.co.in
creatememories.co.in
admin.compaex.in
www.craftdar.com
www.dannynajem.com
deltasentio.co.uk
deltasentio.com
dotler.in
www.driaque.com
drinkbrightandsunny.com
egobuyback.com
ellacutler.com
hieta.elmakar.com
enterprisetutor.com
esradogan.com
fiabilaspurcg.com
admin-portal.flourish.wine
www.foudroyer.com
frankiesgym.com
dev.freightday.com
fullpower.dev
auth.giampy.tech
stg-links.gmal.app
www.godrejwoodsblr.com
crush.goloti.com
kakeibo.hdku.blog
hipaatexts.com
sbb-auth.ibep-staging.com
indicompass.com
intelloria.com
www.interiorblissbylynne.com
island-resortnasu.com
italiacheadora.it
jbook.jamero.me
jected.com
jolowasa.com
www.jonathonemery.com
jordan-studio.com
app.kiba-fashion.nl
korroshield.com
panel.letsgomoons.com
www.liamkande.com
fb.llama.im
kara.madebysofi.com
www.meeko.com
meibun-house.com
miamiappmachine.com
portal.moodly.education
www.moom24.com
dtf.multifi.ai
murphle.com
www.myqrcard.app
nantokaexpress.com
naoux.co
njc-software.com
nomiserycosts.app
nriunion.jp
opinor.in
oshitrade.com
phonexio.com
phoresoft.com
www.planeutral.org
prototypeforme.com
www.px12.app
qixcept.com
quancotechnologies.com
querytalks.ai
religionportal.org
rockyandjess.ca
www.rodafe.com
rusirii.com
saao.buzz
www.saao.buzz
skjanmotsav.org
smartgogotravel.com
softwarehatch.com
d3.spandl.ca
condor.staffway.com.br
legal.superminions.ai
www.talkinghead.ai
theunrealfusion.com
mobile.treetracker.org
sl2025-webface.labs.websheet.io
systemdesignplayground.wegolu.com
www.zedtime.live
Other domains in certificate