SSL Certificate Analysis for linkmobility.com - Security Grade & TLS Configuration

Open Cached · just now

95/100 SECURITY SCORE

Certificate Information

Subject

CN=linkmobility.com

Issuer

C=US, O=Let's Encrypt, CN=R12

Valid From

December 19, 2025

Valid Until

March 19, 2026 53 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

7E:18:18:CE:9E:EB:BA:0B:46:AE:DF:2D:EA:6F:66:B3:71:3A:BC:DD:59:53:3E:C9:AB:81:8D:14:71:36:51:32

Alternative Names

1 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=63072000; includeSubDomains; preload

Content-Security-Policy

Good

default-src; base-uri; frame-ancestors; +9 more

default-src 'self'; base-uri 'self'; frame-ancestors 'self' https://storyblok.com https://app.storyblok.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://sdk.companywebcast.com https://vercel.live https://consentcdn.cookiebot.com https://forms.hsforms.com https://www.youtube-nocookie.com; img-src 'self' data: blob: https://a.storyblok.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googlesyndication.com https://*.cookiebot.com https://*.hsforms.com https://googleads.g.doubleclick.net https://www.facebook.com https://res.xenioo.com https://store.xenioo.com https://www.youtube-nocookie.com https://*.lfeeder.com https://analytics.google.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com; media-src 'self' data: blob: https://a.storyblok.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; font-src 'self' data: https://link-next-sb-api-v2-git-main-d68029-linkmobility-global-website.vercel.app https://www.googletagmanager.com https://fonts.gstatic.com https://res.xenioo.com https://www.google-analytics.com https://analytics.google.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://link-next-sb-api-v2-git-main-d68029-linkmobility-global-website.vercel.app https://fonts.googleapis.com https://res.xenioo.com https://store.xenioo.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' https://code.createjs.com https://plausible.io https://vercel.live https://consent.cookiebot.com https://a.storyblok.com https://app.storyblok.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://www.gstatic.com https://link-next-sb-api-v2-git-main-d68029-linkmobility-global-website.vercel.app https://js.hsforms.net https://sc.lfeeder.com https://www.google.com https://*.google.com https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com https://connect.facebook.net https://www.googleadservices.com https://snap.licdn.com https://bat.bing.com https://res.xenioo.com https://www.youtube-nocookie.com https://*.linkedin.com; connect-src 'self' https://*.storyblok.com https://a.storyblok.com https://app.storyblok.com https://link-next-sb-api-v2-git-main-d68029-linkmobility-global-website.vercel.app https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://analytics.google.com https://*.googlesyndication.com https://*.google-analytics.com https://plausible.io https://forms.hsforms.com https://*.s3.amazonaws.com https://www.google.com https://www.googleadservices.com https://www.google.pl https://googleads.g.doubleclick.net https://routing.mylinkconnect.com https://routing.xenioo.com https://www.youtube-nocookie.com https://*.linkedin.com https://www.googletagmanager.com; frame-src https://*.storyblok.com https://storyblok.com https://app.storyblok.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://sdk.companywebcast.com https://vercel.live https://consentcdn.cookiebot.com https://forms.hsforms.com https://www.youtube-nocookie.com https://*.linkedin.com; object-src 'self' https://a.storyblok.com; form-action 'self' https://forms.hsforms.com

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

camera=(), microphone=(), geolocation=(), payment=(), usb=(), browsing-topics=()

Recommendations

• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

sectigo.com amazon.com letsencrypt.org

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
• Consider adding 'issuewild' records to control wildcard certificate issuance

Subject Alternative Names

1 domain

linkmobility.com