Open
Cached
·
just now
83/100
SECURITY SCORE
Certificate Information
Subject
CN=geometric-insights.anagraph.io
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
November 23, 2025
Valid Until
February 21, 2026
38 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
07:66:15:50:0B:69:F9:5E:29:5A:DF:6D:3C:CD:9C:02:5F:A4:FF:75:7F:10:5C:52:0F:A0:FF:3B:47:7C:31:DF
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=63072000
Content-Security-Policy
Strong
default-src; base-uri; form-action; +14 more
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; script-src 'self' https://apis.google.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://*.firebaseapp.com https://*.firebaseio.com wss://*.firebaseio.com https://firestore.googleapis.com https://js.stripe.com https://*.stripe.com https://*.stripe.network https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'nonce-cPlarupbzR3pIvmo0pHv2A=='; script-src-elem 'self' https://apis.google.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://*.firebaseapp.com https://*.firebaseio.com wss://*.firebaseio.com https://firestore.googleapis.com https://js.stripe.com https://*.stripe.com https://*.stripe.network https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com 'nonce-cPlarupbzR3pIvmo0pHv2A=='; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-hashes' 'nonce-cPlarupbzR3pIvmo0pHv2A=='; style-src-elem 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://apis.google.com 'unsafe-hashes' 'nonce-cPlarupbzR3pIvmo0pHv2A=='; font-src 'self' https://fonts.gstatic.com data: https://insiderbnb.com; img-src 'self' data: blob: https://maps.gstatic.com https://*.gstatic.com https://www.google.com https://*.googleapis.com https://*.stripe.com https://m.stripe.network https://firebasestorage.googleapis.com https://storage.googleapis.com; media-src 'self' data: blob:; connect-src 'self' https://apis.google.com https://identitytoolkit.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://firebasestorage.googleapis.com https://*.firebaseapp.com https://*.firebaseio.com wss://*.firebaseio.com https://firestore.googleapis.com https://storage.googleapis.com https://*.stripe.com https://*.stripe.network https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net wss:; frame-src 'self' https://js.stripe.com https://checkout.stripe.com https://hooks.stripe.com https://*.stripe.com https://m.stripe.network https://*.firebaseapp.com https://apis.google.com https://www.recaptcha.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net; object-src 'none'; worker-src 'self' blob: https://www.google.com https://www.gstatic.com; child-src 'self' https://js.stripe.com https://checkout.stripe.com https://hooks.stripe.com https://*.stripe.com https://m.stripe.network https://*.firebaseapp.com https://apis.google.com https://www.gstatic.com https://www.recaptcha.net https://www.google.com; report-uri /api/csp-report;
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
zagnetic.com
451f.ai
geometric-insights.anagraph.io
www.bodies.audaces.com
www.ayanengenharia.com.br
www.belgefest.by
hq.birrieriaarciga.com
anotaai.blog.br
app.byteblockchain.org
chatwithrob.online
chinatrading.co
www.sounddiffuser.co.kr
beta.contentmedia.xyz
auth.cryptoexplorer.cc
www.csc-ca.com
portal.ddxbiz.com
eanscode.com
css.ebrana.cz
edonizia.com
photography.eexit.net
enchantedartgallery.net
workspace.endless-app.com
www.felixpham.com
app.ferial-e.com
link.findmeonradar.com
www.firebaseopensource.com
gandanapp.com
hub.geisterkatze.art
demo.gethigher.io
hop.gext.it
www.goodbyte.no
guiaresto.com.ar
highefficiencyhouse.com
uni.highschool.my
ilkboswego.impactwrap.com
inciprocal.com
app.infltr.com
intelligentparadigm.com
www.joshtrains.com
www.justekt.co.jp
zendesk-handover.kindly.ai
www.klikkie.nl
pay-qa.kravia.ai
krisfit-nutrition.de
www.lavishgreen.com
app.liftup.fitness
retail.livingskiescannabis.ca
liyunhe.cn
auth.loyals.us
www.manthanlearning.com
tupsp.messytable.games
who-won.nathandowner.com
byod.netxautomation.com
v2.experience.pms.sandbox.nowlvble.com
nufisites.shop
app.oida-app.com
hava.onedome.com
app.onepms.net
www.password.garden
link.pegboard.ai
capa.empresas.promart.dev
dev.psimple.com.ar
mailmgt.publigo.app
www.pulsorax.cfd
admin-panel-dev10.qlub.cloud
ngx-breadcrumb.ranout.xyz
www.reservationmanager.org
www.restauranteinteligente.pe
www.roughrhythm.com
www.royalpacifictrade.com
sahaikaset.com
design.sebasiland.com
shraadh.org
www.smcorwine.com
www.solaramaral.com
reunion-investments.solerabank.com
souhaib.dev
firepad.ssig33.com
hangman.stephenprabhu.com
th.stockvip.co
kathryn.stranex.com
suxxusglobal.com
www.tennisbash.com
thexxway.com
thriveedai.org
timeclever.com
stage.totem.org
tradediff.com
www.training-fellow.de
goldulf-dustpunch.urtropedesigns.com
uvieca.com
www.veronicakisakafoundation.org
www.vicpci.com.au
www.vladretca.dev
auth.webhookify.app
weddingtails.com
williamhokin.com
www.wkaichan.com
xsoftex.com
www.yobibit.nl
Other domains in certificate