Open
Cached
·
just now
76/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
CN=rechtsanwaelte-dietz.de
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
January 14, 2026
Valid Until
April 14, 2026
56 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
1B:47:3E:BE:8D:5D:FC:D1:61:CB:AA:A1:9F:28:3E:59:B2:3C:9C:84:3B:88:66:BC:1A:C5:45:8D:2D:D2:3B:54
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
bitsimcard.com
*.bitsimcard.com
*.ci.bitsimcard.com
*.cicd.bitsimcard.com
*.jenkins.bitsimcard.com
*.pipeline.bitsimcard.com
*.random.bitsimcard.com
alexanderhamiltoninstitute.org
*.alexanderhamiltoninstitute.org
*.random.alexanderhamiltoninstitute.org
aussieyard.au
*.aussieyard.au
carecredict.com
*.carecredict.com
*.poc.carecredict.com
*.ww.carecredict.com
*.ww1.carecredict.com
chapelhillinternalmedicine.com
*.chapelhillinternalmedicine.com
*.pipeline.chapelhillinternalmedicine.com
*.w.chapelhillinternalmedicine.com
*.ww6.chapelhillinternalmedicine.com
coffeeorders.net
*.coffeeorders.net
*.coffeesorders.coffeeorders.net
*.academy.doc-lang.com
doc-lang.com
*.doc-lang.com
*.fake.doc-lang.com
*.test.doc-lang.com
*.usa.doc-lang.com
*.vds.doc-lang.com
*.vids.doc-lang.com
*.cicd.fivenineclimber.com
fivenineclimber.com
*.fivenineclimber.com
*.ww31.fivenineclimber.com
golden-palast.de
*.golden-palast.de
hendersons.group
*.hendersons.group
ipv.com.au
*.ipv.com.au
*.random.ipv.com.au
*.admin.lucamobile.co.uk
lucamobile.co.uk
*.lucamobile.co.uk
mpb.services
*.mpb.services
*.ci.myreadinglabs.com
*.jenkins.myreadinglabs.com
myreadinglabs.com
*.myreadinglabs.com
*.pipeline.myreadinglabs.com
*.cicd.mytransexualdate.com
mytransexualdate.com
*.mytransexualdate.com
netpaydayadvance.com
*.netpaydayadvance.com
*.pipeline.netpaydayadvance.com
*.random.netpaydayadvance.com
*.secure.netpaydayadvance.com
perfumestore.com.au
*.perfumestore.com.au
*.random.perfumestore.com.au
pucca.live
*.pucca.live
rechtsanwaelte-dietz.de
*.rechtsanwaelte-dietz.de
*.cpanel.searchebook.club
*.cpcalendars.searchebook.club
*.cpcontacts.searchebook.club
*.hostmaster.searchebook.club
*.mail.searchebook.club
searchebook.club
*.searchebook.club
*.webdisk.searchebook.club
*.webmail.searchebook.club
*.www.searchebook.club
*.insight.super-remedios.com
*.jenkins.super-remedios.com
*.random.super-remedios.com
super-remedios.com
*.super-remedios.com
theultimatedanielfast.com
*.theultimatedanielfast.com
*.l1wr6ke1f86v.tra97fn35n5brvxki5sj8x5x34k2t4d67j883fgt.xyz
*.l1wr6ke1f86vdswafv9sf5m27k2m862.tra97fn35n5brvxki5sj8x5x34k2t4d67j883fgt.xyz
tra97fn35n5brvxki5sj8x5x34k2t4d67j883fgt.xyz
*.tra97fn35n5brvxki5sj8x5x34k2t4d67j883fgt.xyz
Other domains in certificate