Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=playtoki.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
January 01, 2026
Valid Until
April 01, 2026
89 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
0E:24:C4:E3:02:44:BB:6C:2A:6E:C4:C3:B3:8B:53:B0:2B:D4:65:D3:B8:D3:3E:F4:25:54:10:7A:6C:CF:DC:85
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
zerothkey.com
m-aura.abiinteriors.co.nz
www.airtonix.com.au
east-west.get.alpinemedia.com
tyrol-basin.get.alpinemedia.com
www.app-robot.com
armbrustproshop.app
japjap.asap2go.com
playbooks.athenago.com
avantagecpo.ca
baitfinder.com
messaging.bcmone.com
remotes-staging-admin.bou.dev
demo.cardlak.com
centurionpodiatrist.com
www.circumexperiencia.com
cotiza.clubdelseguro.cl
www.coastline-vending.com
www.codemane.com
www.confessum.com
conhecemais.com.br
editor.createlearninghub.com
crumbprint.com
uat-api.decoda.com.au
mob.deepraft.com
www.digitalhorizons.dev
www.droov.io
dukatrack.com
evolvemachines.com
www.finfinai.com
gaiainnovations.net
ginojoseph.com
www.golfcash.app
hiliteu.com
hoop-records.com
www.hunvreal.fr
d.iflat.app
imio.app
www.individual8.com
sofboxadmin-react.iqonic.design
irakai.com
itmobilear.com
riderandroidchat.jeeblynow.com
www.kinpes.com
universidadexecon.lernit.app
artilux-client.lychee.pro
www.lyndon.com
magdadobska.com
mailosaur.org
www.massarwe.com
www.massequipments.com
maybridgecapital.com
mazenabousamra.com
blog.miguelchavezweb.com
www.mir-khan.com
nebulavr.com
pic-playnorth.mentor.neccton.com
www.neurogenesispsych.com.au
nitroflux.com
www.nobspartygames.com
nogtk.dev
www.pianolessonsswindon.com
m.plantsharp.com
playtoki.com
prismpreschool.com
pujieblack.com
gerty.quantcastle.com
racheljue.com
app.rainierdatalabs.com
rdlrenovation.com
bhx.realtimeknowledge.com
bhxstatus.realtimeknowledge.com
redpandacrossing.com
pos.staging.restoplus.com
rollingspringslabs.com
www.rpa-i.com
create.showroom.app
app.simple-reports.com
simple-scores.com
tendering.simplexity.com.co
www.sitmopanel.com
skipadealer.com
scorecard.sprytoolbox.com
grubslidepredict.sqwadhq.com
vhsltrivia.sqwadhq.com
srvcs.stackblitz.com
link.sweepy.app
swift-menu.app
kural.swinnovate.com
tesjiluni.com
www.tidsi.co
screenshots.topmade.app
www.toqn.com
www.trackingto.app
bspa.trayn.com
usmanahmadsaeed.me
www.waferlauncher.com
playground.yogautomo.art
www.yuwari.com
admin.zippelin.com
Other domains in certificate