SSL Certificate Analysis for admin.okcupids.com - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=drdesainj.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 24, 2026

Valid Until

April 24, 2026 62 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

CD:B9:E1:55:3D:73:98:3B:12:FC:19:C9:8B:74:24:CF:0A:A3:66:1A:04:D5:23:0B:91:2C:7D:07:19:81:C6:AE

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

okcupids.com *.okcupids.com *.admin.okcupids.com *.api.okcupids.com *.dev.okcupids.com *.staging.okcupids.com *.ww5.okcupids.com *.ww6.okcupids.com

Other domains in certificate

ata-sec.org *.ata-sec.org

bettingstatistics.com *.bettingstatistics.com *.blog.bettingstatistics.com *.random.bettingstatistics.com *.webmail.bettingstatistics.com

canpingworld.com *.canpingworld.com *.media.canpingworld.com *.random.canpingworld.com *.rv.canpingworld.com *.ww38.canpingworld.com

*.1.cartula.com cartula.com *.cartula.com *.cit.cartula.com *.files.cartula.com *.ww.cartula.com *.ww17.cartula.com *.ww25.cartula.com

cv789.cc *.cv789.cc

drdesainj.com *.drdesainj.com *.loja.drdesainj.com *.www.drdesainj.com

filmyzilla1.info *.filmyzilla1.info

huiles-essentielles.pro *.huiles-essentielles.pro *.m.huiles-essentielles.pro *.smtp.huiles-essentielles.pro

jdsjs7.lol *.jdsjs7.lol

jiwhek.xyz *.jiwhek.xyz *.telam.jiwhek.xyz *.ww25.jiwhek.xyz

kimikado.life *.kimikado.life

*.dialogda.lists.com.au lists.com.au *.lists.com.au

*.random.supergt.com supergt.com *.supergt.com *.test.supergt.com *.ww01.supergt.com

*.com.themobiletraffic.com themobiletraffic.com *.themobiletraffic.com

truckfinance.net.au *.truckfinance.net.au *.ww38.truckfinance.net.au

*.articles.voomera.com *.cms.voomera.com *.drupal.voomera.com *.fb.voomera.com *.med.voomera.com *.members.voomera.com *.portal.voomera.com *.se.voomera.com *.secure.voomera.com *.static.voomera.com voomera.com *.voomera.com

*.accredit.xskj.store *.api.xskj.store *.article.xskj.store *.blog.xskj.store *.jcvyqpay.xskj.store *.openai.xskj.store *.pay.xskj.store *.py.xskj.store *.shop.xskj.store *.wildcard.xskj.store *.ww25.xskj.store xskj.store *.xskj.store *.zy.xskj.store