Security Score: 89/100
Certificate Information
Subject: CN=www.zahnaerzte-kroker.de
Issuer: C=US, O=Google Trust Services, CN=WR3
Valid From: September 30, 2025
Valid Until: December 29, 2025 (40 days)
Public Key: RSA, 2048 bit (Adequate)
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: 02:C1:C2:08:FB:A7:E6:4F:D5:66:9D:6C:80:BE:38:8E:1B:01:3B:C5:C2:B0:20:EF:EE:E4:9F:D3:E5:61:2B:EA
Alternative Names
Security Configuration
TLS Protocols: TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
HTTP Security Headers
Header (Status): Value
Strict-Transport-Security (Present): max-age=15768000 ; includeSubDomains
Content-Security-Policy (Basic): default-src; script-src; style-src; +7 more
default-src 'none'; script-src 'self' 'nonce-76c1f0ce-a93d-4f40-8692-671e797cebd5' 'unsafe-inline' 'unsafe-eval' 'sha256-V1EJR36VkO9k0FYEKig0eMyDOlEDL5YW9EpzNLJcgRI=' 'sha256-yZA+8n3qPZ5OADHZbcpooPo/8gxZnd6h4usWRLnm5NM=' 'sha256-IPQ8Oj8E2WHVhRiIZvKrMXoDDBKQk2YpNQDSqhcVHWA' 'sha256-BykKazQ4a0dH5g+EEQnDhP+1avksgLqXJzXyVD5hWNk=' 'sha256-SeryKD9UUepvAeLgfHdt6eec6LHLKEPbA9fdovGYrFQ=' js.intercomcdn.com connect.facebook.net snap.licdn.com https://*.hotjar.com cdn-cookieyes.com https://analytics.tiktok.com https://business-api.tiktok.com https://ads.tiktok.com https://maps.googleapis.com booking.page widget.simplybook.pro; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://tagmanager.google.com https://fonts.googleapis.com *.googletagmanager.com; connect-src 'self' wss://nexus-websocket-a.intercom.io *.googlesyndication.com *.intercom.io *.cookieyes.com cdn-cookieyes.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.euf.stape.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.googleapis.com *.google.com https://*.gstatic.com https://px.ads.linkedin.com api.friendlycaptcha.com *.doubleclick.net https://analytics.tiktok.com https://*.tiktokw.us https://www.facebook.com data: blob:; img-src 'self' *.googlesyndication.com *.intercomcdn.com *.intercomassets.com cdn-cookieyes.com www.facebook.com https://googletagmanager.com *.googletagmanager.com *.google-analytics.com https://*.hotjar.com https://*.googleapis.com https://*.gstatic.com https://www.gstatic.com *.google.com *.googleusercontent.com https://*.doubleclick.net https://px.ads.linkedin.com ohws.prospective.ch data:; object-src 'none'; font-src 'self' https://script.hotjar.com https://fonts.gstatic.com https://fonts.intercomcdn.com data:;base-uri 'self'; frame-src app.powerbi.com www.googletagmanager.com rechner.eturnity.ch *.vimeo.com *.google.com booking.page *.spotify.com https://td.doubleclick.net https://*.fls.doubleclick.net/ *.googlesyndication.com 
pnr.simplybook.pro *.frcapi.com www.facebook.com www.youtube.com youtube.com; worker-src blob:;
X-Frame-Options (Good): SAMEORIGIN
X-Content-Type-Options (Good): nosniff
Referrer-Policy (Good): strict-origin-when-cross-origin
Permissions-Policy (Missing): Not configured
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
Other domains in certificate