92/100
SECURITY SCORE
Certificate Information
Subject
CN=denic.de
Issuer
C=US, O=Let's Encrypt, CN=R13
Valid From
November 17, 2025
Valid Until
February 15, 2026
62 days
Public Key
RSA
4096 bit
Strong
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
C9:59:01:EA:1D:8C:FE:98:4D:E0:3A:BC:CB:82:24:3F:6C:5A:4D:27:AA:03:1D:65:B9:0C:C6:D2:10:36:5E:AA
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15552000
Content-Security-Policy
Basic
default-src; script-src; img-src; +5 more
default-src 'self' https://*.denic.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud https://*.moin.ai; img-src 'self' data: https://*.denic.de https://*.moin.ai; base-uri 'self'; frame-src 'self'; style-src 'self' 'unsafe-inline' https://*.moin.ai; font-src 'self' https://*.moin.ai; connect-src 'self' https://denic.matomo.cloud https://*.moin.ai wss://bot.moin.ai
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Present
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), browsing-topics=(), interest-cohort=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
90 domains
denic.de
*.denic.de
25-jahre-denic.de
25-years-denic.de
id-denic.de
iddenic.de
*.25-jahre-denic.de
*.25-years-denic.de
*.id-denic.de
*.iddenic.de
*.adm.denic.de
*.beta.denic.de
*.cloud.denic.de
*.cons.denic.de
*.dev.denic.de
*.enum.denic.de
*.exmon.denic.de
*.if.denic.de
*.infs.denic.de
*.int-t.denic.de
*.iscsi.denic.de
*.mtest.denic.de
*.nsl.denic.de
*.office.denic.de
*.osl.denic.de
*.pentest.denic.de
*.prod.denic.de
*.rri.denic.de
*.rz.denic.de
*.secure.denic.de
*.stage.denic.de
*.svc.denic.de
*.test.denic.de
*.transit.denic.de
*.ams1.adm.denic.de
*.ams1.prod.denic.de
*.dev.cloud.denic.de
*.ew.osl.denic.de
*.fra1.adm.denic.de
*.fra1.osl.denic.de
*.fra1.prod.denic.de
*.fra2.adm.denic.de
*.fra2.osl.denic.de
*.fra2.prod.denic.de
*.fra3.adm.denic.de
*.fra3.prod.denic.de
*.gcp.prod.denic.de
*.ha.mtest.denic.de
*.infra.prod.denic.de
*.infra.stage.denic.de
*.rz2012.adm.denic.de
*.ha.qa2.stage.denic.de
celebrate-25years.de
*.celebrate-25years.de
denic-services.com
*.denic-services.com
denic-services.de
*.denic-services.de
denic.net
*.denic.net
denic.online
*.denic.online
digital-escrow.at
*.digital-escrow.at
digital-escrow.ch
*.digital-escrow.ch
domain-vchecked.de
*.domain-vchecked.de
eine-gute-domain.de
*.eine-gute-domain.de
einegutedomain.de
*.einegutedomain.de
escrow-digital.at
*.escrow-digital.at
escrow-digital.ch
*.escrow-digital.ch
escrow-digital.com
*.escrow-digital.com
escrow-digital.de
*.escrow-digital.de
escrow4ntld.com
*.escrow4ntld.com
escrow4ntlds.com
*.escrow4ntlds.com
nic.de
*.nic.de
start-your-domain.de
*.start-your-domain.de
vchecked.de
*.vchecked.de
Other domains in certificate