Open
Cached
·
just now
90/100
SECURITY SCORE
Detected Technologies
Certificate Information
Subject
UNKNOWN={:asn1_OPENTYPE, <<19, 2, 68, 69>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 6, 66, 101, 114, 108, 105, 110>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 14, 67, 104, 97, 114, 108, 111, 116, 116, 101, 110, 98, 117, 114, 103>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN=HRA 47592, C=DE, ST=Berlin, L=Berlin, O=Posteo e.K., CN=posteo.de
Issuer
C=US, O=DigiCert Inc, CN=GeoTrust EV RSA CA G2
Valid From
February 18, 2026
Valid Until
February 24, 2027
303 days
Public Key
RSA
3072 bit
Adequate
Signature Algorithm
SHA384-RSA
SHA-256 Fingerprint
67:6F:C4:53:CB:39:04:7C:37:1C:AB:C1:13:79:AA:24:20:33:E3:C6:BD:A5:36:8C:E2:73:74:FE:DF:E4:6E:2F
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Present
accelerometer=(), ambient-light-sensor=(), autoplay=(); +22 more
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Not Authorized
(Potential misconfiguration)
Authorized CAs
Wildcard CAs
Incident Reporting
mailto:[email protected]
CAA Issues
- • CRITICAL: Current certificate issuer 'C=US, O=DigiCert Inc, CN=GeoTrust EV RSA CA G2' is NOT authorized by CAA records. Authorized CAs: certum.pl, d-trust.net, geotrust.com
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement