opkoperauto-belgie.be

Score 89/100

Web site information

IP Address
Web Servers
Nginx

SEO data

title
opkoperauto-belgie.be | Home
viewport
width=device-width, initial-scale=1
mobile-web-app-capable
yes
theme-color
#000000
og:type
website
description
See the latest posts about
apple-mobile-web-app-title
opkoperauto-belgie.be | Home
author
opkoperauto-belgie.be
og:title
opkoperauto-belgie.be | Home
og:site_name
opkoperauto-belgie.be
og:description
See the latest posts about

Protocols

SSLv2
not offered
SSLv3
not offered
TLS 1.0
offered (deprecated)
TLS 1.1
offered (deprecated)
TLS 1.2
offered
TLS 1.3
not offered + downgraded to weaker protocol
ALPN HTTP2
h2
ALPN
http/1.1

Vulnerabilities

heartbleed
not vulnerable, no heartbeat extension
CCS
not vulnerable
ticketbleed
no session ticket extension
ROBOT
not vulnerable, no RSA key transport cipher
SSL renegotiation
supported
SSL client renegotiation
not vulnerable
CRIME TLS
not vulnerable
BREACH
potentially VULNERABLE, gzip HTTP compression detected - only supplied '/' tested
POODLE SSL
not vulnerable, no SSLv3
fallback SCSV
supported
SWEET32
not vulnerable
FREAK
not vulnerable
DROWN
not vulnerable on this host and port
DROWN hint
no RSA certificate, can't be used with SSLv2 elsewhere
LOGJAM
not vulnerable, no DH EXPORT ciphers,
LOGJAM-common primes
no DH key with <= TLS 1.2
BEAST
VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
LUCKY13
potentially vulnerable, uses TLS CBC ciphers
RC4
not vulnerable

Header Responses

Status code
200 OK ('/')
Clock skew
0 seconds from localtime
HSTS time
365 days (=31536000 seconds) > 15552000 seconds
HSTS subdomains
includes subdomains
HSTS preload
domain is NOT marked for preloading
HPKP
No support for HTTP Public Key Pinning
X-Frame-Options multiple
Multiple X-Frame-Options headers. Using first header: SAMEORIGIN
X-Frame-Options
SAMEORIGIN
X-Content-Type-Options multiple
Multiple X-Content-Type-Options headers. Using first header: nosniff
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src *
X-Content-Security-Policy
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src *
X-WebKit-CSP
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; font-src * data:; connect-src *
Referrer-Policy
no-referrer-when-downgrade
X-XSS-Protection
1; mode=block

Server Defaults

TLS extensions
'renegotiation info/#65281' 'server name/#0' 'EC point formats/#11' 'status request/#5' 'next protocol/#13172' 'max fragment length/#1' 'application layer protocol negotiation/#16' 'encrypt-then-mac/#22' 'extended master secret/#23'
TLS session ticket
no -- no lifetime advertised
SSL sessionID support
yes
Session Ticket Resumption
not supported
Session ID Resumption
supported
TLS timestamp
random
cert numbers
1
Signature algorithm
SHA256 with RSA
Key size
EC 384 bits
Key usage
Digital Signature
Extended key usage
TLS Web Server Authentication, TLS Web Client Authentication
Serial number
0359FE0D655E28202782CA0121C308E04DF8
cert serialNumberLen
18
Fingerprint SHA1
2A6D6CCFDFEFCFEEA3D0C5BBAE0D44855F4414A8
Fingerprint SHA256
4479035BD46B59F97E4ACC3DA603BE57E3F6E3F709B6791036548BE32A68B59B
Certificate details
-----BEGIN CERTIFICATE----- MIIEnjCCA4agAwIBAgISA1n+DWVeKCAngsoBIcMI4E34MA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yMjA2MTEyMzIxNTlaFw0yMjA5MDkyMzIxNThaMCIxIDAeBgNVBAMM Fyoub3Brb3BlcmF1dG8tYmVsZ2llLmJlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE TXYfKinvzMZwu93O78bm3o4TWOD4/+Wb//EkLoTXbfvY1yqhJoOiAIpw8TEWAHcu Lfvd39o+cSGoiX68dJUjVlS3YO4qdF0TXmGIHb0wGG0/76VQnJ2FsAU4GVuiR3Or o4ICajCCAmYwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr BgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ+YHitWT7PGoakYprXhIig oM5JuzAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcB AQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEF BQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzA5BgNVHREEMjAwghcqLm9wa29w ZXJhdXRvLWJlbGdpZS5iZYIVb3Brb3BlcmF1dG8tYmVsZ2llLmJlMEwGA1UdIARF MEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6 Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHWeQIEAgSB9gSB8wDxAHcA RqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAGBVUn2rwAABAMASDBG AiEArxBGJlDy7Oloexg3NCmQs8bXRCctmDmUHbwxJ/MEkQgCIQD4FbKDyyIxnaP5 OmKJbOugeOY9jHY/Al58zDCL0J/eWQB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEA KQaNsgiaN9kTAAABgVVJ9zsAAAQDAEcwRQIhAN9oevankcvj8lQEckcz+m0C4l2i 9BGN+1F64/HiqMKtAiBrPzIaHAk9g9QOfMjlg4/N64yCU0SE2vz1KFyPU5LIMzAN BgkqhkiG9w0BAQsFAAOCAQEAl8r++FR6WamYo1vNt6NOwkvbKtCQp9Y09MKN02zk /QP4N5ujduAUSJIF+0/NLsDnc32I1OkEErk2JOhosf4jxclVHmuayB4sZSD+UlgY Fs6LAp3IZP6LpCFwjYJQCCJ4nsgj+25IVYGQ0ZKO4SoOqwxY4K/TzM+V1H9S83m4 ZZHiTlFKaBrPCZTFQPsVUBpEoNvbo8Rh4bVZGC/3l07jiBKxdIJkBfyZqkBaHdtR K5TOPJV3Kvxk/Gqj9yrNyZmJ3yFQOQyLZtXvc7r/trZUr5Sjg2EU9uFj4D1l+m5D zkgrffDuLVqop+m5rvDAkMJHzNpGZfAsF3pWUyFxWFp8NQ== -----END CERTIFICATE-----
Common names
*.opkoperauto-belgie.be
Service Name Indication
*.opkoperauto-belgie.be
SubjectAlternative Name
*.opkoperauto-belgie.be opkoperauto-belgie.be
Certificate authority issuers
R3 (Let's Encrypt from US)
Certificate trusted
Ok via SAN (same w/o SNI)
Certificate chain trusted
passed.
Is certificate Extended Validation
no
cert eTLS
not present
cert expirationStatus
74 >= 30 days
Valid from
2022-06-11 23:21
Valid until
2022-09-09 23:21
cert validityPeriod
No finding
Chain
3
certs list ordering problem
no
cert crlDistributionPoints
--
Online Certificate Status Protocol URL
http://r3.o.lencr.org
OCSP stapling
offered
cert ocspRevoked
not revoked
cert mustStapleExtension
--
DNS CAArecord
--
certificate transparency
yes (certificate extension)

Server Preferences

order
server
Which protocol negotiated
Default protocol TLS1.2
negotiated
ECDHE-ECDSA-AES256-GCM-SHA384, 384 bit ECDH (P-384)
order TLSv1
ECDHE-ECDSA-AES256-SHA
order TLSv1 1
ECDHE-ECDSA-AES256-SHA
order TLSv1 2
ECDHE-ECDSA-AES256-GCM-SHA384

Perfect Forward Secrecy

PFS
offered
PFS s
ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-CAMELLIA128-SHA256 ECDHE-ECDSA-CAMELLIA256-SHA384
PFS ECDHE curves
secp384r1

Ciphers

ECDHE-ECDSA-AES256-GCM-SHA384 ECDH 384 AESGCM 256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
(0xc02c)
ECDHE-ECDSA-AES256-SHA384 ECDH 384 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
(0xc024)
ECDHE-ECDSA-AES256-SHA ECDH 384 AES 256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
(0xc00a)
ECDHE-ECDSA-CAMELLIA256-SHA384 ECDH 384 Camellia 256 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
(0xc073)
ECDHE-ECDSA-AES128-GCM-SHA256 ECDH 384 AESGCM 128 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(0xc02b)
ECDHE-ECDSA-AES128-SHA256 ECDH 384 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
(0xc023)
ECDHE-ECDSA-AES128-SHA ECDH 384 AES 128 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
(0xc009)
ECDHE-ECDSA-CAMELLIA128-SHA256 ECDH 384 Camellia 128 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
(0xc072)

Browser Simulations

Android 4.4.2
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
Android 5.0.0
TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
Android 6.0
TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256
Android 7.0
No connection
clientsimulation-android 81
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-android 90
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-android X
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-chrome 74 win10
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-chrome 79 win10
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-firefox 66 win81
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-firefox 71 win10
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
Windows XP Internet Explorer 6
No connection
Windows 7 Internet Explorer 8
TLSv1.0 ECDHE-ECDSA-AES256-SHA
Windows XP Internet Explorer 8
No connection
Windows 7 Internet Explorer 11
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
Windows 8.1 Internet Explorer 11
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-ie 11 winphone81
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
Windows 10 Internet Explorer 11
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-edge 15 win10
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-edge 17 win10
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-opera 66 win10
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-safari 9 ios9
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
MacOSX 10.11 Safari 9
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
MacOSX 10.12 Safari 10
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-safari 121 ios 122
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-safari 130 osx 10146
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
iOS 9 App Transport Security 9
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
Java 6 update 45
No connection
Java 7 update 25
TLSv1.0 ECDHE-ECDSA-AES128-SHA
clientsimulation-java 8u161
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-java1102
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-java1201
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
OpenSSL 1.0.2e
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-openssl 110l
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-openssl 111d
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384
clientsimulation-thunderbird 68 3 1
TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384