The webserver does not offer HTTP Strict Transport Security (HSTS). HSTS tells browsers to connect to the site only over HTTPS, which prevents downgrade attacks to an insecure HTTP connection.
The domain's DNS zone does not specify any Certification Authority Authorization (CAA) record. This means that every certificate authority (CA) is allowed to issue certificates for this domain.
Cookies that are not marked as Secure can be transmitted over an unencrypted connection. A man-in-the-middle attacker can then read the contents of these cookies.
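An added checker for the two header-level findings above (a missing HSTS header and cookies without the Secure attribute), written for this page and not part of the original scanner text; the HTTP response it inspects is constructed.

```python
# Added example (not from the original findings text): checks one raw HTTP
# response for a missing/weak Strict-Transport-Security header and for
# Set-Cookie headers without the Secure attribute. Sample is constructed.
import re

CONSTRUCTED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure\r\n"
    "\r\n<html></html>"
)

def parse_headers(raw):
    """(name, value) pairs with lower-cased names; repeated headers are kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def check_hsts(headers):
    """A missing header, or max-age=0, leaves an HTTP downgrade possible."""
    values = [v for n, v in headers if n == "strict-transport-security"]
    if not values:
        return ["HSTS header missing: browsers may fall back to plain HTTP"]
    findings = []
    for v in values:
        m = re.search(r"max-age\s*=\s*(\d+)", v, re.IGNORECASE)
        if not m or int(m.group(1)) == 0:
            findings.append(f"HSTS max-age does not enforce HTTPS: {v}")
    return findings

def check_secure_cookies(headers):
    """Cookies without Secure can be sent over plain HTTP and intercepted."""
    findings = []
    for n, v in headers:
        if n != "set-cookie":
            continue
        name = v.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in v.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie '{name}' is not marked Secure")
    return findings

def audit(raw):
    headers = parse_headers(raw)
    return check_hsts(headers) + check_secure_cookies(headers)
```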
A correctly configured TLS encryption makes sure that your users only receive content from your web application that has not been tampered with and cannot be eavesdropped on. Learn here how you can secure your TLS configuration.
The domain certificate is expired or will expire soon. An expired certificate will result in error messages for the web application's users.
LUCKY13 is a timing attack that can be used against implementations of the TLS protocol using the cipher block chaining (CBC) mode of operation. The vulnerability affects the TLS 1.1 and 1.2 specifications as well as certain forms of earlier versions.
The CRIME (Compression Ratio Info-leak Made Easy) attack is a vulnerability in SSL/TLS compression. The attack against secret web cookies sent over compressed HTTPS or SPDY connections leaves cookie data vulnerable to session hijacking.
A server vulnerable to BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) allows an attacker to decrypt cookie contents such as session information. Learn here how you can prevent SSL BREACH.
There is no SSL/TLS encryption enabled on your server. All traffic to your web application is transported via unencrypted channels. This leaves your users vulnerable to man-in-the-middle attacks.
Perfect Forward Secrecy (PFS) is unavailable with the server configuration. If the TLS encryption is broken once, for example through a compromise of the server's private key, recordings of previous connections are no longer secure and may be decrypted.