Open
Cached
·
just now
76/100
SECURITY SCORE
Certificate Information
Subject
CN=zofen.de
Issuer
C=US, O=Let's Encrypt, CN=R12
Valid From
February 11, 2026
Valid Until
May 12, 2026
89 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
92:F2:EB:81:CF:31:B3:94:B4:D4:07:A8:6F:D0:FF:B0:B7:62:FE:11:BE:92:F1:88:C4:FD:A1:97:A5:A6:1B:DF
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
argabrite.com
*.argabrite.com
*.access.argabrite.com
*.admin.argabrite.com
*.anyconnect.argabrite.com
*.api.argabrite.com
*.clientesvpn.argabrite.com
*.connect.argabrite.com
*.dev.argabrite.com
*.emv1.argabrite.com
*.exchange.argabrite.com
*.ftp.argabrite.com
*.gateway.argabrite.com
*.hostmaster.argabrite.com
*.imap1.argabrite.com
*.m.argabrite.com
*.mail1.argabrite.com
*.mailer.argabrite.com
*.mailgate.argabrite.com
*.mkbnwtlmktexchange.argabrite.com
*.mobileconnect.argabrite.com
*.mx2.argabrite.com
*.officevpn.argabrite.com
*.portal.argabrite.com
*.remoteaccess.argabrite.com
*.remoto.argabrite.com
*.secure.argabrite.com
*.secureconnect.argabrite.com
*.securevpn.argabrite.com
*.server.argabrite.com
*.smtp-relay.argabrite.com
*.smtp.argabrite.com
*.ssl.argabrite.com
*.studentsvpn.argabrite.com
*.test.argabrite.com
*.tlmktexchange.argabrite.com
*.vpn.argabrite.com
*.vpn1.argabrite.com
*.vpn3.argabrite.com
*.vpnssl.argabrite.com
*.webmail.argabrite.com
*.webvpn.argabrite.com
*.ww16.argabrite.com
*.ww17.argabrite.com
*.ww38.argabrite.com
*.api.capnovafin.com
*.bf754dd6-4784-486d-86a8-20679c1a9122.capnovafin.com
capnovafin.com
*.capnovafin.com
*.new.capnovafin.com
*.springboot.capnovafin.com
*.vpn.capnovafin.com
*.barracuda.k12nd.us
*.cloud2.k12nd.us
*.cpcalendars.k12nd.us
*.customers.k12nd.us
*.demo.k12nd.us
*.ebmail.k12nd.us
*.fargo.k12nd.us
*.hazen.k12nd.us
k12nd.us
*.k12nd.us
*.mail.k12nd.us
*.mailserver.k12nd.us
*.mandan.k12nd.us
*.minnewauakn.k12nd.us
*.mls.k12nd.us
*.outlook.k12nd.us
*.remoteapp1.k12nd.us
*.security.k12nd.us
*.smtp-qa.k12nd.us
*.smtp1.k12nd.us
*.virtualaccess2.k12nd.us
*.web2.k12nd.us
*.webdisk.k12nd.us
*.west-fargo.k12nd.us
*.west-farto.k12nd.us
*.access.txtrailers.com
*.bamboo.txtrailers.com
*.dcad888a-4991-4358-9f6e-c6bdf60b35b5.txtrailers.com
*.j6r56qhpoxjmib42.txtrailers.com
*.m.txtrailers.com
*.mx.txtrailers.com
*.random.txtrailers.com
*.sitemaps.txtrailers.com
txtrailers.com
*.txtrailers.com
*.hol.zofen.de
zofen.de
*.zofen.de
Other domains in certificate