SSL Certificate Analysis for linktek.cfd - Security Grade & TLS Configuration

Open Cached · just now

76/100 SECURITY SCORE

Detected Technologies

See all in URL Inspect 1

Let's Encrypt

Certificate Information

Subject

CN=optimaloptic.co.uk

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

January 08, 2026

Valid Until

April 08, 2026 45 days

Public Key

RSA 4096 bit Strong

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

AE:96:4A:04:5A:50:6A:5C:DA:28:93:A1:4B:85:91:4F:B2:E3:B3:3F:20:99:45:5C:74:27:85:87:C8:46:CC:9B

Alternative Names

90 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

90 domains

linktek.cfd *.linktek.cfd *.masha-bwi-facebook.linktek.cfd

Other domains in certificate

aicbp.com *.aicbp.com

akhbar.live *.akhbar.live *.tt2.akhbar.live

amazonaschile.com *.amazonaschile.com *.ww25.amazonaschile.com *.ww38.amazonaschile.com

*.appleclouds.blogxi.com blogxi.com *.blogxi.com *.chimeara.blogxi.com *.pennywise.blogxi.com *.random.blogxi.com *.schatzi.blogxi.com *.sterndal.blogxi.com *.whimsical.blogxi.com

cookcountytreasurer.co *.cookcountytreasurer.co *.ww38.cookcountytreasurer.co

gounbroker.net *.gounbroker.net *.ww25.gounbroker.net

hotshopapp.com *.hotshopapp.com *.shop.hotshopapp.com

jenkinswindows.co.uk *.jenkinswindows.co.uk

khuccamta.net *.khuccamta.net *.marketing.khuccamta.net *.www.khuccamta.net

*.atwww.lifesourceonline.com *.comwww.lifesourceonline.com lifesourceonline.com *.lifesourceonline.com *.random.lifesourceonline.com *.sso.lifesourceonline.com *.ww25.lifesourceonline.com *.www.lifesourceonline.com

lineset.co *.lineset.co *.random.lineset.co

optimaloptic.co.uk *.optimaloptic.co.uk

plumbingtradecentre.co.uk *.plumbingtradecentre.co.uk

puzzleracers.co *.puzzleracers.co *.ww25.puzzleracers.co

restaurant-donpablo.com *.restaurant-donpablo.com *.ww25.restaurant-donpablo.com *.ww38.restaurant-donpablo.com

*.charles.sandvich.com *.dev.sandvich.com *.forum.sandvich.com *.image.sandvich.com *.m.sandvich.com *.math.sandvich.com *.mx.sandvich.com *.nhac.sandvich.com *.pool.sandvich.com sandvich.com *.sandvich.com *.travel.sandvich.com *.ww25.sandvich.com *.your.sandvich.com

saruta-kazumi.com *.saruta-kazumi.com *.ww25.saruta-kazumi.com

seaway.org *.seaway.org *.stlawrence.seaway.org

standoutdancewear.co.uk *.standoutdancewear.co.uk

*.development.sukoyaka.life *.staging.sukoyaka.life *.stg-azure.sukoyaka.life sukoyaka.life *.sukoyaka.life

willowdogrescue.co.uk *.willowdogrescue.co.uk

*.ffffffffffff.xlight.org xlight.org *.xlight.org