Not the insecurity you would like to see on a developer's website...

access-control-allow-origin the only security header installed properly - best practices…
Insecurity here: https://observatory.mozilla.org/analyze.html?host=christianspecht.de
Mediocre F-Status: https://sritest.io/#report/4ad5bebd-2cc9-49e9-9d87-f75d80076667
vuln. library detected:
http://retire.insecurity.today/#!/scan/b0995c4a53806e9d13a9716f90974b2a1bcc197a8181eee8ce821b8b0afdd35d
Netcraft risk 1 red out of 10: http://toolbar.netcraft.com/site_report?url=https://christianspecht.de

polonus

When we check the server we see issues here: https://www.htbridge.com/ssl/?id=fb9d27c76d53e3c978dda00e3599ecdb62614fa079690ff66889db53200b51e2
SERVER does not support OCSP STAPLING
some supported ciphers are non-compliant with HIPAA guidance.

This conflicts with ‘best policies’ for kasserver: CERTIFICATES HAVE BEEN SIGNED FOR MORE THAN 3 YEARS
The RSA certificate provided has been validated for more than 3 years. This means that the private key of the server will remain the same for more than 3 years. NIST guidelines suggest limiting certificate validity to 3 years maximum. Misconfiguration or weakness!

Then there is insecure tracking: 66% of the trackers on this site could be protecting you from NSA snooping. Tell -kasserver.com to fix it. GTracking by a.o. Google. Vulnerable via Track Cross-site-tracing (tracking) attacks.
Server = compliant with PCI DSS…

polonus (volunteer website security analyst and website error-hunter)