SSL Certificate Analysis for aau.dk - Security Grade & TLS Configuration

Open Cached · just now

93/100 SECURITY SCORE

Certificate Information

Subject

CN=aau.dk

Issuer

C=US, O=Let's Encrypt, CN=R13

Valid From

November 17, 2025

Valid Until

February 15, 2026 74 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

A9:AB:90:B4:95:81:84:0F:EE:57:B3:77:B5:4A:7D:63:17:58:5D:3D:2D:E9:2F:CE:19:B4:E0:43:2A:9D:66:FD

Alternative Names

2 domains

Security Configuration

TLS Protocols

TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=15768000; includeSubdomains; preload;

Content-Security-Policy

Good

default-src; font-src; script-src; +7 more

default-src 'self' https://*.aau.dk https://*.azurewebsites.net https://*.dropbox.com https://*.dropboxusercontent.com https://podcastpusher.com https://*.doubleclick.net https://*.fonts.net https://*.linkedin.com https://*.facebook.com https://*.snapchat.com https://*.google.com https://*.youtube.com https://*.twitter.com https://*.survey-xact.dk https://*.microsoftonline.com https://*.office.com https://*.gstatic.com https://*.cookieinformation.com; font-src 'self' data: fonts.gstatic.com; script-src https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://www.googletagmanager.com/ https://www.youtube-nocookie.com 'self' 'unsafe-inline' https://*.scratcher.io https://*.elfsightcdn.com https://*.snapchat.com https://*.readpeak.com https://*.sc-static.net https://*.licdn.com https://*.google.com https://*.googleapis.com https://*.elfsight.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.net https://*.twitter.com https://*.cookieinformation.com https://*.youtube.com https://*.vimeo.com; connect-src https://widget-data.service.elfsight.com https://core.service.elfsight.com https://public-eur.mkt.dynamics.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/ https://assets-eur.mkt.dynamics.com/ 'self' wss://aau-its-caai-shared-haandbog-prod.azurewebsites.net/ https://prod-aaudxp-vacancy-app.azurewebsites.net/ wss://aau-its-caai-studieservice-adgangstjek-prod.azurewebsites.net https://*.azurewebsites.net https://*.elfsightcdn.com https://*.aau.dk https://*.licdn.com https://*.linkedin.com https://*.google.com https://*.doubleclick.net https://*.snapchat.com https://*.oribi.io https://*.analytics.google.com https://*.googleapis.com https://*.elfsight.com https://*.google-analytics.com https://*.cookieinformation.com; img-src 'self' data: image/* https://*.aau.dk https://*.plan2learn.dk https://*.elfsight.com https://*.linkedin.com https://*.licdn.com https://*.googletagmanager.com https://*.google-analytics.com https://*.taboola.com https://*.doubleclick.net https://*.adnxs.com https://*.readpeak.com https://*.google.dk https://*.gstatic.com https://*.dropbox.com https://*.dropboxusercontent.com https://*.google.com https://*.twimg.com https://*.facebook.com https://*.vimeocdn.com https://*.ytimg.com https://*.youtube.com https://*.googleapis.com https://*.elfsightcdn.com; frame-src https://vimeo.com https://*.vimeo.com https://kuula.co https://madsheiselberg.github.io https://copilotstudio.preview.microsoft.com https://login.windows.net/ https://aaublanketterdev.powerappsportals.com/ http://mfc-print03.aau.dk https://assets-eur.mkt.dynamics.com/ https://serviceinfo.dk 'self' https://www.youtube-nocookie.com/ https://public-eur.mkt.dynamics.com https://*.geckobooking.dk https://*.powerapps.com https://cobe.dk https://*.powerbi.com https://*.scratcher.io https://*.youtube.com https://*.plandisc.com https://*.moodle.aau.dk https://*.matterport.com https://*.microsoftonline.com https://*.360company.dk https://*.snapchat.com https://*.spotify.com https://*.google.com https://*.vercel.app https://*.libraryh3lp.com https://*.aau.dk https://*.facebook.com https://*.survey-xact.dk https://*.office.com https://*.kuula.co https://*.cookieinformation.com ; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com; base-uri 'self'; form-action 'self' https://*.facebook.com; frame-ancestors 'none';

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Present

no-referrer, strict-origin-when-cross-origin

Permissions-Policy

Present

geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Strengthen CSP by removing 'unsafe-eval'

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

godaddy.com letsencrypt.org

Wildcard CAs

godaddy.com letsencrypt.org

Recommendations

• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

2 domains

aau.dk www.aau.dk