SSL Certificate Analysis for aldi-sued.de - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

C=DE, L=Mülheim an der Ruhr, O=ALDI International Services SE & Co. oHG, CN=www.aldi-sued.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1

Valid From

July 16, 2025

Valid Until

July 15, 2026 182 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

6A:98:39:F0:F8:2E:7B:B5:23:A7:45:B4:3E:05:D1:5A:30:71:25:1B:2E:DD:CD:5A:43:7E:DF:74:68:41:09:92

Alternative Names

15 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=63072000; includeSubdomains;

Content-Security-Policy

Basic

script-src; object-src; connect-src; +5 more

script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.iesnare.com appleid.cdn-apple.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com js-cdn.dynatrace.com static.lightning.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com secure.force.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com *.googletagmanager.com *.bing.com *.adsrvr.org *.googleadservices.com *.google.de *.doubleclick.com; object-src 'none'; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at https://bf51204epo.bf.dynatrace.com/bf eu36.salesforce.com int-crm.my.salesforce.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com service.force.com *.salesforceliveagent.com *.googleapis.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com *.googletagmanager.com *.bing.com *.adsrvr.org *.googleadservices.com *.google.de *.google.com *.doubleclick.com *.doubleclick.net *.googlesyndication.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu; style-src 'self' 'unsafe-inline' *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com static.lightning.force.com secure.force.com *.salesforceliveagent.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com *.gstatic.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at https://external-content.aldi-sued.de eu36.salesforce.com hofer.secure.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com hofer.force.com *.salesforce-sites.com *.salesforce.com *.googletagmanager.com *.bing.com *.adsrvr.org *.questback.com *.doubleclick.net; worker-src 'self' blob:; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com https://aldigo.aldi-sued.de https://virtueller-rundgang.aldi-sued.de

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

letsencrypt.org pki.goog globalsign.com digicert.com amazon.com

Wildcard CAs

globalsign.com amazon.com

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• You have authorized 5 CAs - consider limiting to only the CAs you actively use
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

15 domains

aldi-sued.de www.aldi-sued.de

Other domains in certificate

www.aldi-sued.com

aldi-suisse.ch www.aldi-suisse.ch

aldi.ch www.aldi.ch

aldi.hu www.aldi.hu

aldi.it www.aldi.it

hofer.at www.hofer.at

hofer.si www.hofer.si