SSL Certificate Analysis for dev.0kpay.io - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=productgroup.xyz

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

April 29, 2026

Valid Until

July 28, 2026 79 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

CE:EA:54:77:E7:71:28:89:30:30:38:FA:4E:08:09:74:4C:FE:5C:7A:61:EB:B8:1F:FF:82:FF:87:89:91:20:24

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

0kpay.io *.0kpay.io *.api.0kpay.io *.dev.0kpay.io

Other domains in certificate

147-258-369.com *.147-258-369.com *.hostmaster.147-258-369.com *.m.147-258-369.com *.mail.147-258-369.com

91cangku1.top *.91cangku1.top *.com.91cangku1.top *.fun.91cangku1.top *.info.91cangku1.top *.vom.91cangku1.top *.wwwhttps.91cangku1.top

*.api.direzionale.com *.dev.direzionale.com direzionale.com *.direzionale.com *.mail.direzionale.com *.random.direzionale.com *.test.direzionale.com *.ww16.direzionale.com *.ww25.direzionale.com

dnxkgy524640.top *.dnxkgy524640.top *.gqv1dyvd20260020046dy.dnxkgy524640.top *.ypidq1do20260020087dy.dnxkgy524640.top

financialpowerhouse.org *.financialpowerhouse.org

gooner.lol *.gooner.lol

*.hostmaster.namingbrands.com namingbrands.com *.namingbrands.com

*.acceso.panther.it *.analytics.panther.it *.correo.panther.it *.desktop.panther.it *.exch2016.panther.it *.mx001.panther.it *.mywebmail.panther.it panther.it *.panther.it *.pop.panther.it *.rds.panther.it *.smtpa.panther.it *.sslvpn.panther.it *.virtualapps.panther.it *.vpn2.panther.it

povere.com *.povere.com

*.animals-travel.pristiupnerides.com *.billing.pristiupnerides.com *.citilink.pristiupnerides.com *.cloud.pristiupnerides.com *.files.pristiupnerides.com *.images.pristiupnerides.com *.irr.pristiupnerides.com *.mx.pristiupnerides.com *.ns.pristiupnerides.com *.optimabank.pristiupnerides.com pristiupnerides.com *.pristiupnerides.com *.public.pristiupnerides.com *.tbank.pristiupnerides.com *.wzhpxcpanel.pristiupnerides.com *.yxwsmyupbyalemtat.pristiupnerides.com

*.aqzmk.productgroup.xyz *.dwij7.productgroup.xyz *.g89kw.productgroup.xyz productgroup.xyz *.productgroup.xyz *.qpuov.productgroup.xyz *.rczhl.productgroup.xyz *.u46cv.productgroup.xyz *.x7pal.productgroup.xyz *.xbh6h.productgroup.xyz *.y04uw.productgroup.xyz *.z4r76.productgroup.xyz

*.sitemaps.trendfinance.pro *.test.trendfinance.pro trendfinance.pro *.trendfinance.pro

*.sitemap.vangvn.org vangvn.org *.vangvn.org

xn--hr24-5qa.info *.xn--hr24-5qa.info