Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=apfelkekse.de
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
May 11, 2026
Valid Until
August 09, 2026
73 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
61:A2:C7:E4:2D:BD:E9:80:21:E8:47:30:BA:CB:F6:48:A3:B4:56:D0:51:71:92:A7:C5:8E:5A:C4:72:90:69:87
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
bnp-bd.com
*.bnp-bd.com
*.ww38.bnp-bd.com
apfelkekse.de
*.apfelkekse.de
coffey2010.com
*.coffey2010.com
*.random.coffey2010.com
*.xhr.coffey2010.com
deltavactions.com
*.deltavactions.com
*.ms1.deltavactions.com
*.random.deltavactions.com
*.reserve2.deltavactions.com
*.shop.deltavactions.com
enterpriseforumpittsburgh.com
*.enterpriseforumpittsburgh.com
*.ww38.enterpriseforumpittsburgh.com
epsnet.org
*.epsnet.org
fidelitychartible.org
*.fidelitychartible.org
*.ww16.fidelitychartible.org
*.ww25.fidelitychartible.org
*.ww38.fidelitychartible.org
gardenatthecellar.com
*.gardenatthecellar.com
*.262222.go4teams.com
*.blog.go4teams.com
go4teams.com
*.go4teams.com
*.random.go4teams.com
golfcars.au
*.golfcars.au
keepermusic.com
*.keepermusic.com
*.ww38.keepermusic.com
lederrock.de
*.lederrock.de
*.bg.pattern-recognition-in-physics.com
*.el.pattern-recognition-in-physics.com
*.fi.pattern-recognition-in-physics.com
pattern-recognition-in-physics.com
*.pattern-recognition-in-physics.com
*.ro.pattern-recognition-in-physics.com
*.lzw.playtales.com
*.oldmail.playtales.com
playtales.com
*.playtales.com
*.ww38.playtales.com
*.ww7.playtales.com
*.newman-build.qmqo.com
qmqo.com
*.qmqo.com
sarajevo.cz
*.sarajevo.cz
sportmittelschule.de
*.sportmittelschule.de
*.hotstardownloadapps.swatroundup.net
*.random.swatroundup.net
*.shorinjikempohollywood.swatroundup.net
swatroundup.net
*.swatroundup.net
tangaarsch.de
*.tangaarsch.de
ultralottery.com
*.ultralottery.com
*.website.ultralottery.com
venolen.de
*.venolen.de
*.random.washingtonsworld.org
washingtonsworld.org
*.washingtonsworld.org
*.www.washingtonsworld.org
weedcontrol.de
*.weedcontrol.de
*.email.wolfeauction.com
*.smtpauth.wolfeauction.com
wolfeauction.com
*.wolfeauction.com
*.ww17.wolfeauction.com
worldcup-miyagi.com
*.worldcup-miyagi.com
*.ww38.worldcup-miyagi.com
www-kreditkarte.de
*.www-kreditkarte.de
wwweucerin.de
*.wwweucerin.de
xn--sprachentwicklungsstrung-4oc.de
*.xn--sprachentwicklungsstrung-4oc.de
Other domains in certificate