Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=app.blobautomation.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 31, 2025
Valid Until
January 29, 2026
69 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
5E:A5:6A:F4:61:2D:8F:D3:4B:12:B3:0B:99:A5:E9:F8:17:C2:08:EC:05:EA:66:64:ED:B6:06:D0:79:5E:A1:9B
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
zydusmanthan.com
lamarca.cms-test.2na8.com
account.accountancyawards.ie
actnz.com
dashboard.albird.nl
wallet.allenjoseph.dev
anujkrastogi.com
avk.properties
app.blobautomation.com
www.bolaodosboloes.com
portfolio.brianyang.org
rp2.bte.com.au
support.buddy-media.jp
gcp-us-east1-12.dev.app.carto.com
www.cervonwong.com
mystory.ynet.co.il
collective.video
live.dare2compete.com
www.deblic.com
destechit.com
www.dictallab.com
santacatarina.drtis.com.br
dsautomotive.it
electriccompanytally.com
app.elpais.com
finessepaint.com
www.flype.fi
www.fypfriends.com
garygrade.com
gathertasks.com
golfcash.app
paypal.grandeurnoiretv.com
guitar-practice-journal.com
www.guitar-practice-journal.com
www.harpymotors.com
hems.flights
app.ibelay.com
www.ilboscodialberolungo.it
ilixtech.com
test.admin.billy.inout.money
invisiblebook.org
iskaffe.se
laparaguarecords.com
livres-connect.lauvick.fr
admin.lekkicooperativesociety.com
members.lekkicooperativesociety.com
auth.digital.lesgow.com
lintemporel-event.com
reporte.liventapp.com
www.locationhawk.com
www.frame.lokalebon.nl
n2.lubin.dev
app.mailway.in
cdn.mailway.in
server.makestories.io
www.manuelestefanell.com
www.mogeee.pro
www.nandisoftware.in
sandbox.neoconecta.com
nilszenformdesign.se
www.odafy.com
dev.kairos.omnicon.co
api.dev.ondagoapp.com
gd-api.onthewall.io
onvo-data.com
pawprintpetition.co.nz
pensandball.com
podeperguntar.com
ppkk.fi
qubepcs.com
quicktion.io
www.radiovetlp.com
rashi63.com
admin.rigbox.com
rrdroptaxi.in
salesdelight.ai
admin-dev.serveedo.com
www.shriramnursinghome.com
dev.shrlinks.com
police-eye.sigmacomputers.in
racinglounge.simrace-control.ch
www.starkfabrications.co.za
app-stg-sisagentefb.stigacx-on.com
tracking.superskill.com
el-escondite-del-sabor.tavuel.com
dev-admin.tenis.io
api.testimonial.to
www.thecivet.co.uk
theozarkswealth.com
thinkinglane.com
blooddonors.tntjthiruvarur.com
community.touchbase.id
tractivity.se
tsepas.net
valparaitravels.com
underworlds.vincentnabet.fr
app.staging.weartechclub.com
whatboard.io
imdb.williamking.dev
yavoffice.online
Other domains in certificate