Open
Cached
·
just now
81/100
SECURITY SCORE
Certificate Information
Subject
C=DE, ST=Bayern, O=Friedrich-Alexander-Universitaet Erlangen-Nuernberg, CN=techfak.fau.de
Issuer
C=GR, O=Hellenic Academic and Research Institutions CA, CN=GEANT TLS RSA 1
Valid From
March 18, 2025
Valid Until
March 18, 2026
116 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
3F:48:C2:0F:42:D5:03:58:95:F9:96:AB:13:3D:CB:B2:3A:4B:2D:6D:B3:52:DD:65:48:4A:68:5B:8D:E1:83:A1
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15552000
Content-Security-Policy
Basic
default-src; script-src; style-src; +3 more
default-src 'self' blob: *.youtube.com *.youtube-nocookie.com *.uni-erlangen.de *.uni-erlangen.org *.fau.de *.rrze.de *.fau.eu *.fau.tv cdn2.fau.tv cdn2.video.uni-erlangen.de *.siteimprove.com eveeno.com jobspreader.com www.youtube.com vimeo.com publish.twitter.com www.slideshare.net open.spotify.com karte.fau.de karte.uni-erlangen.de *.fau.tv *.video.fau.de *.video.uni-erlangen.de www.youtube-nocookie.com youtu.be *.slideshare.net www.br.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' siteimproveanalytics.com *.siteimprove.net *.siteimprove.com *.youtube.com *.ytimg.com *.uni-erlangen.de *.uni-erlangen.org *.fau.de *.rrze.de *.fau.eu cdn2.fau.tv jobspreader.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.gravatar.com *.uni-erlangen.de *.uni-erlangen.org *.fau.de *.fau.eu *.fau.tv *.siteimprove.com *.siteimproveanalytics.io img.youtube.com cdn2.video.uni-erlangen.de cdn.bsky.app; connect-src 'self' *.siteimprove.com *.uni-erlangen.de *.uni-erlangen.org *.fau.de *.rrze.de *.fau.eu *.fau.tv cdn2.fau.tv jobspreader.com; font-src 'self' data: public.slidesharecdn.com
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
14 domains
techfak.uni-erlangen.de
tf.uni-erlangen.de
www.techfak.uni-erlangen.de
www.tf.uni-erlangen.de
tf.cms.rrze.uni-erlangen.de
www.tf.cms.rrze.uni-erlangen.de
techfak.fau.de
tf.cms.rrze.fau.de
tf.fau.de
www.techfak.fau.de
www.tf.cms.rrze.fau.de
www.tf.fau.de
tf.cms.rrze.de
www.tf.cms.rrze.de
Other domains in certificate