Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=bomcal-dev.bomcomes.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
September 24, 2025
Valid Until
December 23, 2025
41 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
9C:8E:A5:F2:24:37:5C:67:6C:4E:35:23:02:67:BF:E2:8F:6C:A7:D3:CB:69:9D:49:48:01:13:39:10:AA:5E:0D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
yama-camera.com
fellowes-product-config-cert.3dcloud.io
alpha-labelers.aimmo.ai
app.plogalong.apptic.xyz
bomcal-dev.bomcomes.com
web.campaignhero.ai
caravanproc.co.uk
danceevents.cascade.rocks
www.chadthebeasthardy.com
chet.demo.chance-store.jp
sms.demo.chance-store.jp
www.chessexpert.io
www.christine-ting.com
cleanbilla.in
healthhouse.co.ua
fluohaus.com.my
cookiebot.417.cz
www.crash.bet
creativeplaypianostudio.com
app.santiam.cyrencare.com
www.daaaaan.com
app.dothedev.com
qms.dreamshot.io
easyrentrd.com
book.saga.einride.systems
www.etiquette-art.com
evolutionprotocols.org
ewar.com.ar
furryfamiliaspa.com
www.gargallo.net
giiim.com
statistics.gltrc.com
gpiconta.com
gradus.systems
reports.grail-talent.com
hamilton.pictures
auth.harpy.gg
test.hh24.pl
user.hitmybaby.com
houseofrgs.com
houssem-merdaci.com
humanitas.ai
hundehaller.no
idleinsults.com
portasul.ind.br
app.inspectify.ca
app.joincuddle.com
www.kannixvision.com
news.knodge.de
atr.labrewlangerie.com
www.malaysianwarriors.com
www.marsbasen.dk
mes-ipro.com
dataroom.mimyk.com
link.mindtrix.xyz
www.minhngocsv.com
www.montrealinstitute.net
www.muteventures.com
www.neocabgame.com
www.novatis.it
chess-memory.obrhubr.org
dev.onepill.com
app.onrech.de
auth.custom.osoji.io
www.oulunlentoasema.fi
dutchblitz.peetjvv.co.za
phosphenearchitects.com
admin.planmyleisure.com
www.provansiq.com
punteney.com
qadalric.com
reproducedpapers.com
new.rideq.se
prod.rtduggan.com
www.ruthlessbabes.org
gestway.salden.it
www.sapuska.com
sebastianpagni.com
shiftori.com
www.shoofdoctor.com
0800hungry.simplesoft.co.nz
slozt.com
root.smartlinepro.com.br
www.smartparkpass.com
www.step.io
www.suamega.com.br
dev.sugarandroses.com
specsuites.tapacenter.com
sso-portal.iam-demo.tci-pf.net
thehouseroatan.com
thetradingchronicle.com
www.tommygooden.dev
p.ueue.com.au
www.uplaces.site
www.vallogaard.dk
share.venleycapital.com
walterdoc.com
web-u-project.com
gibb.wieswies.nl
link.mikke.zukan.com
Other domains in certificate