Website with Transaction Protection UNTRUSTED BY MICROSOFT (unable to get local

SHA-1 Certificate Valid Past 1/1/2017
The certificate has a SHA-1 signature that is valid into 2017, and should be replaced as soon as possible with a SHA-2 signed certificate. https://ssl.trustwave.com/support/support-certificate-analyzer.php?address=https%3A%2F%2Fiself.tele2.kz&port=443
Warnings and issues reported: https://www.ssllabs.com/ssltest/analyze.html?d=iself.tele2.kz
Security Headers situation see attached.
HTTP Server: nginx 0.7.61 (Outdated)
Risk statatus 1 red out of 10: http://toolbar.netcraft.com/site_report?url=https://iself.tele2.kz
Poodle vulnerable!

polonus

I get the following warnings for that server: Excessive headers: Warning, HTTP only cookies: Warning, Secure cookies: Warning, Clickjacking: Warning.

Thats heckload of warnings…

Noone is thinking about security sadly