SSL Certificate Analysis for occam.studio - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=xs800.cc

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 19, 2026

Valid Until

August 17, 2026 55 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E5:1D:FF:AD:FC:1F:C2:E5:E6:96:BA:07:6B:33:10:A4:95:7D:27:E6:C3:69:48:1E:53:03:55:BF:6A:63:99:E3

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

occam.studio *.occam.studio *.amp-fusion.occam.studio *.daisy.occam.studio *.pedro.occam.studio

Other domains in certificate

680052.cc *.680052.cc *.cc.680052.cc

artishock.org *.artishock.org *.demo.artishock.org *.rd.artishock.org *.rdweb.artishock.org

cebt.net *.cebt.net *.sitemap.cebt.net

*.a.fetchasquadsbrief.com *.admin.fetchasquadsbrief.com *.api.fetchasquadsbrief.com *.app.fetchasquadsbrief.com *.cloud.fetchasquadsbrief.com *.demo.fetchasquadsbrief.com *.dev.fetchasquadsbrief.com fetchasquadsbrief.com *.fetchasquadsbrief.com *.fkagoxeaewa.fetchasquadsbrief.com *.rd.fetchasquadsbrief.com *.rds.fetchasquadsbrief.com *.remote.fetchasquadsbrief.com *.staging.fetchasquadsbrief.com *.test.fetchasquadsbrief.com

*.citrix.gyoma.com *.gate.gyoma.com gyoma.com *.gyoma.com

*.dev.marceloperuzzo.com *.m.marceloperuzzo.com *.mail.marceloperuzzo.com marceloperuzzo.com *.marceloperuzzo.com *.remote.marceloperuzzo.com

nuike.com *.nuike.com *.shop.nuike.com *.ww1.nuike.com *.ww25.nuike.com

*.autodiscover.oxorcist.moda oxorcist.moda *.oxorcist.moda *.www.oxorcist.moda

*.contest.padhai.tech *.git.padhai.tech *.gitlab.padhai.tech padhai.tech *.padhai.tech *.quiz.padhai.tech *.quiz2.padhai.tech *.ww25.padhai.tech

*.apps.true-media.com true-media.com *.true-media.com

*.api.vipjogo.bet *.channel.vipjogo.bet *.manage.vipjogo.bet *.promoter.vipjogo.bet vipjogo.bet *.vipjogo.bet

*.pay.vitasurge.shop vitasurge.shop *.vitasurge.shop

*.rds.xn--6frs3jw3x.com *.rdweb.xn--6frs3jw3x.com *.remote.xn--6frs3jw3x.com xn--6frs3jw3x.com *.xn--6frs3jw3x.com

*.hostmaster.xn--8ltr62k.com xn--8ltr62k.com *.xn--8ltr62k.com

*.app.xn--gayrimenkuldanmanlk-t5ce12h.com *.apps.xn--gayrimenkuldanmanlk-t5ce12h.com *.backup.xn--gayrimenkuldanmanlk-t5ce12h.com *.cgtbofln.xn--gayrimenkuldanmanlk-t5ce12h.com *.mail.xn--gayrimenkuldanmanlk-t5ce12h.com *.stg.xn--gayrimenkuldanmanlk-t5ce12h.com *.uat.xn--gayrimenkuldanmanlk-t5ce12h.com xn--gayrimenkuldanmanlk-t5ce12h.com *.xn--gayrimenkuldanmanlk-t5ce12h.com

*.ww17.xs800.cc xs800.cc *.xs800.cc