SSL Certificate Analysis for www.fassi.live - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=betpark1038.com

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

December 03, 2025

Valid Until

March 03, 2026 44 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

57:90:5F:09:CA:BE:36:12:44:53:E7:FA:0E:C6:B8:83:8D:4F:E7:09:65:D3:1D:4B:6F:26:76:B6:45:6A:C4:C5

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

fassi.live *.fassi.live

Other domains in certificate

5mre.sbs *.5mre.sbs *.au.5mre.sbs *.e.5mre.sbs *.gv.5mre.sbs *.jp.5mre.sbs

betpark1038.com *.betpark1038.com *.www.betpark1038.com

*.assets.bowap.net bowap.net *.bowap.net *.exchangecorp.bowap.net *.gate.bowap.net *.https.bowap.net *.m.bowap.net *.ww1.bowap.net *.ww25.bowap.net

corporatescent.com *.corporatescent.com

*.acrisuresouth.emplyeenavigator.com emplyeenavigator.com *.emplyeenavigator.com *.hallbergmarine.emplyeenavigator.com *.hub.emplyeenavigator.com *.ioa.emplyeenavigator.com *.ww38.emplyeenavigator.com

floryday.com.au *.floryday.com.au *.jenkins.floryday.com.au *.pipeline.floryday.com.au *.superset.floryday.com.au *.ww38.floryday.com.au

giftcenter.app *.giftcenter.app

kodpung88.app *.kodpung88.app

layerbrett.app *.layerbrett.app

*.56984.lllllllllll.ru *.69815.lllllllllll.ru *.amelia.lllllllllll.ru *.emma.lllllllllll.ru *.inga.lllllllllll.ru *.lauma.lllllllllll.ru *.lllllllllll.lllllllllll.ru lllllllllll.ru *.lllllllllll.ru *.mara.lllllllllll.ru *.mary86.lllllllllll.ru *.random.lllllllllll.ru *.rico.lllllllllll.ru *.sofia.lllllllllll.ru

mangoflix.app *.mangoflix.app

nightflix.app *.nightflix.app

ogjankking.top *.ogjankking.top

owfnrozcfh.top *.owfnrozcfh.top

*.ffgarena.resepkoki.net *.panel.resepkoki.net resepkoki.net *.resepkoki.net *.ww17.resepkoki.net

scentography.com *.scentography.com

seemydocs.online *.seemydocs.online

skystream.live *.skystream.live *.ww38.skystream.live

telelatino-pro.app *.telelatino-pro.app

*.ecoworld.theopenspace.io *.play.theopenspace.io *.play1.theopenspace.io *.play3.theopenspace.io *.server.theopenspace.io theopenspace.io *.theopenspace.io *.whitepaper.theopenspace.io *.ww12.theopenspace.io *.ww38.theopenspace.io *.ww99.theopenspace.io *.www.theopenspace.io