SSL Certificate Analysis for clickhead.me - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Certificate Information

Subject

CN=bitwit.studio

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 18, 2025

Valid Until

March 18, 2026 53 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

A9:2D:3D:55:94:51:4D:F3:00:44:BC:BB:E9:EE:81:F4:7D:55:45:3F:25:D8:A7:45:39:30:D1:DB:7E:BE:88:1D

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

clickhead.me *.clickhead.me *.api.clickhead.me

Other domains in certificate

36444.bet *.36444.bet

aetherium.club *.aetherium.club *.api.aetherium.club *.cdn.aetherium.club *.dash.aetherium.club *.internal.aetherium.club *.nanovg.aetherium.club *.staging-v2.aetherium.club *.v2.aetherium.club

analporn.work *.analporn.work

*.api.bitwit.studio bitwit.studio *.bitwit.studio

borwap.click *.borwap.click

*.95c32ceb-caf1-4a73-87a2-f2d17118c797.coinexx.io *.agent.coinexx.io coinexx.io *.coinexx.io *.dashboard.coinexx.io *.m.coinexx.io *.mail.coinexx.io *.panel.coinexx.io *.test.coinexx.io

*.amazon.connect-tools.net connect-tools.net *.connect-tools.net *.qww25.connect-tools.net *.ww38.connect-tools.net

cwmaoccb.top *.cwmaoccb.top

*.analytic.elbenchmarking.online *.app.elbenchmarking.online *.autodiscover.elbenchmarking.online *.cpcalendars.elbenchmarking.online elbenchmarking.online *.elbenchmarking.online *.eqrzv7r5bjoub94j.elbenchmarking.online *.random.elbenchmarking.online *.webdisk.elbenchmarking.online *.website.elbenchmarking.online

*.anzhuo.fouz.studio fouz.studio *.fouz.studio *.sitemap.fouz.studio *.sitemaps.fouz.studio

hongtaokeke.cc *.hongtaokeke.cc

metal-roofing-sheets.com *.metal-roofing-sheets.com

metalsandwichpanels.net *.metalsandwichpanels.net

*.antispam.muscet.info *.hostmaster.muscet.info muscet.info *.muscet.info

*.antispam.ostellocoli.info ostellocoli.info *.ostellocoli.info

piniiink-shares.com *.piniiink-shares.com

*.checkout.soptok.org *.jolsiri.soptok.org *.magazine.soptok.org *.magura.soptok.org soptok.org *.soptok.org *.ww38.soptok.org

x2it34p6w46o.top *.x2it34p6w46o.top

xfantazy.casa *.xfantazy.casa

*.demo.xvideoshot.me *.ww16.xvideoshot.me *.ww25.xvideoshot.me xvideoshot.me *.xvideoshot.me

*.analytics.xxoomm.xyz *.ww25.xxoomm.xyz *.ww38.xxoomm.xyz xxoomm.xyz *.xxoomm.xyz

yanjiuso.cc *.yanjiuso.cc