SSL Certificate Analysis for cfresearch.co - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt Active incidents

Certificate Information

Subject

CN=cfresearch.co

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

May 18, 2026

Valid Until

August 16, 2026 51 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

6A:EA:37:89:A5:2E:C0:BA:C5:53:27:11:FE:D1:A5:5A:D5:04:C5:7D:11:A4:17:49:EF:8B:06:12:E8:D8:D5:95

Alternative Names

89 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

89 domains

cfresearch.co *.cfresearch.co

Other domains in certificate

champion-games.bet *.champion-games.bet

citracommunications.co *.citracommunications.co

cmovie.co *.cmovie.co

coeak.cn *.coeak.cn

contentbase.co *.contentbase.co

crrwasteservices.co *.crrwasteservices.co

cruisingcams.co *.cruisingcams.co

diamxnd.co *.diamxnd.co

dramaindo.co *.dramaindo.co

eduraka.co *.eduraka.co

eggparlor.co *.eggparlor.co

englishworklearn.co *.englishworklearn.co

ezfrags.co *.ezfrags.co

flourtech.info *.flourtech.info

fordpartner.co *.fordpartner.co

foreclosurehimes.co *.foreclosurehimes.co

foreverathlete.co *.foreverathlete.co

freephonenum.co *.freephonenum.co

g2gwin88.bet *.g2gwin88.bet

ggjsl.cn *.ggjsl.cn

*.1.goojra.to goojra.to *.goojra.to *.wildcard.goojra.to *.ww1.goojra.to *.ww25.goojra.to *.ww38.goojra.to

gulpcvv.co *.gulpcvv.co

hamsiaxi.co *.hamsiaxi.co

hoail.co *.hoail.co

hookfish.co *.hookfish.co

horizonlux.co *.horizonlux.co

mangahasu.com *.mangahasu.com

medical-travel.co *.medical-travel.co

mentorday.co *.mentorday.co

michellecdesign.info *.michellecdesign.info

mjreg.co *.mjreg.co

mojobranding.co *.mojobranding.co

moliad.com *.moliad.com

morsum.co *.morsum.co

movies21.co *.movies21.co

mymine.digital *.mymine.digital

naketeroutedna.sbs *.naketeroutedna.sbs

neoenergia.co *.neoenergia.co

newmakes.com *.newmakes.com

nice-apparels.com *.nice-apparels.com

noelmiller.co *.noelmiller.co