DNS Gurus
Open Cached · just now
89/100 SECURITY SCORE

Certificate Information

Subject
UNKNOWN=CSM049035519, C=DE, ST=Berlin, L=Berlin, O=Bundesdruckerei GmbH, CN=steuerzeichen.de
Issuer
C=DE, O=D-Trust GmbH, CN=D-TRUST SSL Class 3 CA 1 2009
Valid From
July 11, 2025
Valid Until
July 13, 2026 216 days
Public Key
RSA 4096 bit Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
3C:B3:06:65:CD:10:A5:04:79:4C:BA:A8:6B:44:DF:B4:AE:FB:1F:EE:37:47:34:B0:E8:86:E4:B8:A2:4B:CA:24
Alternative Names
12 domains

Security Configuration

TLS Protocols
TLS 1.2
Forward Secrecy
Limited (Check cipher configuration)
Warnings
  • TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status
Strict-Transport-Security
Good
max-age=31536000; includeSubDomains
Content-Security-Policy
Basic
default-src; child-src; connect-src; +6 more
X-Frame-Options
Present
ALLOW-FROM https://newapp.etracker.com
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
Permissions-Policy
Missing
Not configured
Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Improve CSP by adding more specific directives and removing 'unsafe-inline'
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Configured (Restricts certificate issuance)
Current Issuer
Not Authorized (Potential misconfiguration)
Authorized CAs
d-trust.net
Wildcard CAs
d-trust.net
Incident Reporting
CAA Issues
  • CRITICAL: Current certificate issuer 'C=DE, O=D-Trust GmbH, CN=D-TRUST SSL Class 3 CA 1 2009' is NOT authorized by CAA records. Authorized CAs: d-trust.net
Recommendations
  • Consider using critical flag (flags=128) for stricter CAA enforcement