Security Score: 84/100
Certificate Information
Subject: CN=www.spafinder.co.uk
Issuer: C=US, O=Let's Encrypt, CN=R12
Valid From: November 27, 2025
Valid Until: February 25, 2026 (48 days)
Public Key: RSA, 3072 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: D3:60:91:D8:F1:DE:7C:1C:32:13:ED:FB:7C:BE:36:0B:DE:D9:9D:25:6B:74:DC:44:17:04:45:F4:0C:24:28:3D
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2
Forward Secrecy: Limited (Check cipher configuration)
Warnings
- TLS 1.3 is not supported (recommended)
HTTP Security Headers
Strict-Transport-Security: Present (max-age=63072000; includeSubdomains;preload)
Content-Security-Policy: Basic (default-src; script-src; img-src; +6 more)
X-Frame-Options: Good (SAMEORIGIN)
X-Content-Type-Options: Good (nosniff)
Referrer-Policy: Missing (Not configured)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports