Open
Cached
·
just now
89/100
SECURITY SCORE
Certificate Information
Subject
CN=app.okkami.com
Issuer
C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com RSA SSL subCA
Valid From
December 05, 2025
Valid Until
October 14, 2026
261 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
3D:51:D0:74:20:9D:07:17:4F:BB:4B:9E:E1:72:ED:40:8E:37:7E:F5:A0:AD:EB:DF:D2:2F:A6:C0:41:B2:69:77
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=604800
Content-Security-Policy
Basic
default-src; frame-ancestors; img-src; +1 more
default-src blob: data: fingi-development.s3-accelerate.amazonaws.com fingi.s3-accelerate.amazonaws.com fingi.s3.amazonaws.com *.froala.com *.googleapis.com *.gstatic.com *.line.me *.pusher.com *.pusherapp.com *.smooch.io *.typekit.net *.unlayer.com 'self' 'unsafe-eval' 'unsafe-inline' okkami-data.s3-ap-southeast-1.amazonaws.com okkami-edm-develop.s3.ap-southeast-1.amazonaws.com okkami-property-develop.s3.amazonaws.com okkami-web-fonts.s3.ap-southeast-1.amazonaws.com okkami.instatus.com property-guest-services.s3.amazonaws.com res.cloudinary.com wss: fingi.s3.ap-southeast-1.amazonaws.com fingi.s3-ap-southeast-1.amazonaws.com okkami-data.s3.amazonaws.com okkami-data.s3-accelerate.amazonaws.com okkami-data.s3.ap-southeast-1.amazonaws.com okkami-edm.s3.amazonaws.com okkami-edm.s3-accelerate.amazonaws.com okkami-edm.s3.ap-southeast-1.amazonaws.com okkami-edm.s3-ap-southeast-1.amazonaws.com okkami-property.s3.amazonaws.com okkami-property.s3-accelerate.amazonaws.com okkami-property.s3.ap-southeast-1.amazonaws.com okkami-property.s3-ap-southeast-1.amazonaws.com okkami-brand.s3.amazonaws.com okkami-brand.s3-accelerate.amazonaws.com okkami-brand.s3.ap-southeast-1.amazonaws.com okkami-brand.s3-ap-southeast-1.amazonaws.com okkami-web-fonts.s3.amazonaws.com okkami-web-fonts.s3-accelerate.amazonaws.com okkami-web-fonts.s3-ap-southeast-1.amazonaws.com *.facebook.net *.facebook.com *.google.com *.line-scdn.net *.fbsbx.com *.gravatar.com *.anantara.com *.fbcdn.net evermoreresort.com *.evermoreresort.com *.pantheonsite.io *.stripe.com *.googletagmanager.com *.google-analytics.com; frame-ancestors "" 'self'; img-src 'self' https: data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.froala.com *.googleapis.com *.gstatic.com *.pusher.com *.pusherapp.com *.smooch.io *.unlayer.com okkami-data.s3-ap-southeast-1.amazonaws.com fingi.s3-accelerate.amazonaws.com fingi-development.s3-accelerate.amazonaws.com okkami.instatus.com fingi.s3.us-east-1.amazonaws.com fingi.s3.amazonaws.com fingi.s3.ap-southeast-1.amazonaws.com fingi.s3-ap-southeast-1.amazonaws.com okkami-data.s3.amazonaws.com okkami-data.s3-accelerate.amazonaws.com okkami-data.s3.ap-southeast-1.amazonaws.com okkami-edm.s3.amazonaws.com okkami-edm.s3-accelerate.amazonaws.com okkami-edm.s3.ap-southeast-1.amazonaws.com okkami-edm.s3-ap-southeast-1.amazonaws.com okkami-property.s3.amazonaws.com okkami-property.s3-accelerate.amazonaws.com okkami-property.s3.ap-southeast-1.amazonaws.com okkami-property.s3-ap-southeast-1.amazonaws.com okkami-brand.s3.amazonaws.com okkami-brand.s3-accelerate.amazonaws.com okkami-brand.s3.ap-southeast-1.amazonaws.com okkami-brand.s3-ap-southeast-1.amazonaws.com okkami-web-fonts.s3.amazonaws.com okkami-web-fonts.s3-accelerate.amazonaws.com okkami-web-fonts.s3.ap-southeast-1.amazonaws.com okkami-web-fonts.s3-ap-southeast-1.amazonaws.com *.facebook.net *.facebook.com *.google.com *.line-scdn.net *.fbsbx.com *.gravatar.com *.anantara.com *.fbcdn.net evermoreresort.com *.evermoreresort.com *.pantheonsite.io *.stripe.com *.googletagmanager.com *.google-analytics.com
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin-when-cross-origin, strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
28 domains
app.aman.com
app.adlibhotels.co
app.anantara.com
app.avanihotels.com
app.chatrium.com
app.dusit.com
portal.dusit.com
staff.evermoreresort.com
app.janu.com
app.jonohotels.com
app.minorhotels.com
app.nh-hotels.com
app.oakshotels.com
api.aws-production.okkami.com
api.okkami.com
app.aws-production.okkami.com
app.okkami.com
infovalue.okkami.com
okkami.onyx-hospitality.com
app.pimalai.com
app.pprincess.com
app.realtimevenue.com
app.sixsenses.com
okkami.standardhotels.com
app.tavistockhotelcollection.com
portal.thegeorgetelaviv.com
app.thelargo.com
guest-app.themulia.com
Other domains in certificate