Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=api.staging.activitystreak.app
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 07, 2025
Valid Until
January 05, 2026
45 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
6B:06:F2:42:16:E1:18:3E:F8:67:E1:74:7B:BA:F6:BA:9A:EE:AB:48:BD:9C:6B:9C:0B:DC:A4:BF:E2:30:C2:79
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
comodoca.com
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
ssl.com
Wildcard CAs
digicert.com
; cansignhttpexchanges=yes
letsencrypt.org
pki.goog
; cansignhttpexchanges=yes
ssl.com
comodoca.com
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 5 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
Subject Alternative Names
100 domains
yerlinugarte.com
www.100marathonclub.id
vantageit.app.1on1navi.com
2019.devfestcampeche.com
api.staging.activitystreak.app
aiappsbrewery.com
aislinfoods.ca
alertacomunicador.cloud
alleystrengthandnutrition.co.uk
antonioresende.com
hike.ar-route.com
app-preprod.axiocap.com
www.bartvermaercke.be
bayareamaker.co
www.bidyositi.com
www.bitforest.tech
bobtagnil.fr
bullmoonjunior.com
bytebeat-liu.club
www.cassettetapes.org
formulario-web-cyd-dev.cc-irdigital.pe
clp.gr
app.easy-event.co.il
jem.co.il
cobiene.com
intranet.colegfarmcluj.ro
powerbank.ranna.com.tr
dogsjoy.com.ua
conf-bashedu-fmit.ru
www.app.constructioncleanpartners.com
www.dalton-thomas.com
digbuild.net
digitalby.me
efas.com.br
dons.eglise-boissiere.fr
dmi.elxa.io
tss.elxa.io
www.emeraldanvil.com
enalanda.com
englewoodafterdark.com
dashboard-staging.ensodata.com
dev.impact.fairchain.org
go.fit-solar.de
app.floatyfly.com
gameworks.co.jp
geekdas.in
app.kinder.graubuenden.ch
procenkids.gravass.co.jp
happyloon.ca
tracker.healthcare-now.org
hoccongnghe.vn
www.hoeveelmoetiklenen.nl
www.houstonathleticscamps.com
iiraa.com
qa.impactplus-investing.com
www.infinitesync.app
invitation.jareads.com
www.jjjmsun.com
qr.lockit.rentals
app.luggagestoragesuzette.fr
mags.dk
markifyapp.com
playground.matthieumontaille.fr
www.mihajlobondji.com
mindybots.in
mingleli.com
micp.missionchain.cloud
www.nextgenerationrailway.co.uk
jitsi.nooks.in
admin.dev.norby.live
kundenclub.nordsee.at
www.pablo-alexis.com
www.pixelwhips.app
positeasy.in
www.pranjalmishra.dev
pudgycow.com
kpmg.recruiting-solutions.org
system.resbutler.com
admin.rieticket.com
rohitbind.in
welcome-app.schueco.com
sea-forge.com
seattlemashujaafc.com
www.covid.sed.hu
weborder.spont.cash
macutriviacr.sqwadhq.com
trivia-dev-admin.sqwadhq.com
timharbakon.com
app.tripp.com
urrutia.me
veey.io
villanovacamps.com
test-erp.vsolpacs.com
app.wantic.io
nbn.wewonder.com.au
whiskylogen.no
www.winelottery.no
web.wiwo.com.co
www.ymx.me
yt1s.biz
Other domains in certificate