Just have a look here for the all green: http://toolbar.netcraft.com/site_report?url=https://www.applianceshop.eu
Some minor issues on a A-minus grade website.
Intermediate certificate has a weak signature. When renewing, ensure you upgrade to an all-SHA2 chain.
The server does not support Forward Secrecy with the reference browsers. Grade reduced to A-.
IE 6 / XP No FS 1 No SNI 2 Protocol or cipher suite mismatch
Forward Secrecy with some browsers.Encryption (HTTPS) (1)
Communication is encrypted
Secure Header Implementation: strict-transport-security header OK, cache-control OK (an best policies applied)
x-content-type-options, x-xss-protection and x-frame-option headers missing.
polonus
As is this one: -g33kinfo.com → security headers situation. Only strict-transport-security header with warning and
access-control-allow-origin correct, all other security headers missed here.
This scan has better result: g33kinfo.com has a verifiable certificate chain signed with SHA-2.
Tries to load insecure scripts. - mixed content.
Insecure and Possible Frontend SPOF from:
ajax.cloudflare.com - Whitelist
(99%) -
apis.google.com - Whitelist
(93%) -
pagead2.googlesyndication.com - Whitelist
(93%) -
platform.twitter.com - Whitelist
(64%) -
(54%) -
(44%) -
(34%) -
(24%) -
(14%) -
www.stumbleupon.com - Whitelist
(64%) -
(53%) -
(43%) -
(33%) -
(23%) -
(14%) -
Encryption (HTTPS) (1)
Communication is encrypted
See test results image attached.
polonus (volunteer website security analyst and website error-hunter)