Open
Cached
·
just now
93/100
SECURITY SCORE
Certificate Information
Subject
CN=auth.getyourguide.com
Issuer
C=US, O=Google Trust Services, CN=WE1
Valid From
October 31, 2025
Valid Until
January 29, 2026
56 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
0E:D0:AD:1E:F7:64:65:2B:86:B2:FE:9C:04:42:B9:CB:93:F6:C0:2A:63:0E:2B:E5:5B:AA:BC:D5:AC:33:0D:4D
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Good
default-src; font-src; style-src; +12 more
default-src 'self';font-src 'self' data: https://*.getyourguide.com https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://cdn.honey.io https://members.cj.com/member/styles/fonts/cj-icon-web-font/fonts/cj-webfont.ttf https://members.cj.com/member/styles/fonts/cj-icon-web-font/fonts/cj-webfont.woff;style-src 'self' 'unsafe-inline' https://*.getyourguide.com https://accounts.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://cdn.honey.io https://members.cj.com/member/javascript/publisher/bookmarklet/publisher-bookmarklet.css https://members.cj.com/member/styles/fonts/cj-icon-web-font/cj-icon-font.css https://accounts.google.com/gsi/style https://*.seatsio.net;object-src https://*.getyourguide.com https://sem-gtm-event-handler.gygservice.com;connect-src 'self' https://*.getyourguide.com https://google.com https://adservice.google.com https://www.googleadservices.com https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://pagead2.googlesyndication.com https://*.sentry.io https://*.ingest.sentry.io https://browser-intake-datadoghq.com https://sentry-intake.datadoghq.com https://*.braze.com https://*.braze.eu https://*.fra-01.braze.eu https://*.fishrobotflower.com cloudflareinsights.com https://bat.bing.com https://bat.bing.net https://*.clarity.ms https://www.facebook.com https://*.adyen.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://sslwidget.criteo.com https://measurement-api.criteo.com https://gum.criteo.com https://*.eu.criteo.net https://*.us.criteo.net https://*.as.criteo.net https://www.mczbf.com/12394/pageInfo https://www.mczbf.com/813108101493/pageInfo https://www.mczbf.com/813108101493/report https://cdn.honey.io https://www.sjwoe.com/ https://insight.adsrvr.org/track/up https://x.bidswitch.net/syncd https://*.cloudflarestream.com https://*.stadiamaps.com https://accounts.google.com/gsi/ https://data.seatsio.net https://*.usercentrics.eu https://*.forter.com wss://cdn0.forter.com https://d2o5idwacg3gyw.cloudfront.net https://dz8rit8v72mig.cloudfront.net https://d3banl4fzuxsjl.cloudfront.net https://d1yz9u4jf6oqub.cloudfront.net https://d6wfl40rgh70w.cloudfront.net https://d1rk8r7fwbocot.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d1ezzflfzltk6e.cloudfront.net https://d3nocrch4qti4v.cloudfront.net https://duuytoqss3gu4.cloudfront.net https://df45ay5pw60dy.cloudfront.net https://1.1.1.1 https://d94qwxh6czci4.cloudfront.net https://siteperformancetest.net https://wtp.siteperformancetest.net/ https://*.creativecdn.com api.statsig.com featuregates.org statsigapi.net events.statsigapi.net api.statsigcdn.com featureassets.org assetsconfigcdn.org prodregistryv2.org cloudflare-dns.com beyondwickedmapping.org;script-src 'nonce-5a2f88cf7e8e51e307fa1d3c14fd53ab' 'self' https://*.getyourguide.com https://www.googleadservices.com https://tpc.googlesyndication.com https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://*.g.doubleclick.net https://*.googleapis.com https://*.fishrobotflower.com https://bat.bing.com https://www.clarity.ms https://*.clarity.ms https://api.microsofttranslator.com https://www.microsofttranslator.com https://js.appboycdn.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://static.cloudflareinsights.com https://challenges.cloudflare.com https://dynamic.criteo.com https://sslwidget.criteo.com https://static.criteo.net https://widget.us.criteo.com https://widget.eu.criteo.com https://widget.as.criteo.com https://www.mczbf.com/tags/12394/tag.js https://www.mczbf.com/tags/813108101493/tag.js https://cdn.honey.io https://www.sjwoe.com/ https://members.cj.com/member/publisherBookmarklet.js https://js.adsrvr.org/up_loader.1.1.0.js https://js.adsrvr.org/universal_pixel.1.1.0.js https://collector-9404.us.tvsquared.com/tv2track.js https://accounts.google.com/gsi/client https://*.seatsio.net https://web.cmp.usercentrics.eu 'sha256-FofX+JlLZAz4NnsAztINV+if9J+oKGoofWE8eidrdB4=' https://*.forter.com https://dlthst9q2beh8.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d2w2nqfk3z9hdt.cloudfront.net https://*.creativecdn.com https://snippet.maze.co *.tradedoubler.com a.imgstatics.com;img-src 'nonce-5a2f88cf7e8e51e307fa1d3c14fd53ab' 'self' data: https://images.contentstack.io https://cdn.bfldr.com https://*.getyourguide.com https://sem-gtm-event-handler.gygservice.com https://*.cloudflarestream.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.youtube.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.fishrobotflower.com https://ad.doubleclick.net https://*.bing.com https://*.clarity.ms https://gum.criteo.com https://gum.eu.criteo.com https://dis.criteo.com https://*.eu.criteo.net https://*.us.criteo.net https://*.as.criteo.net https://www.facebook.com https://connect.facebook.net https://*.adyen.com https://www.afcyhf.com https://www.anrdoezrs.net https://www.apmebf.com https://www.awltovhc.com https://cj.dotomi.com https://www.dpbolvw.net https://www.emjcd.com https://www.ftjcfx.com https://www.jdoqocy.com https://www.kqzyfj.com https://www.lduhtrp.net https://www.mbyfzn.com https://www.mczbf.com https://www.mjbpab.com https://www.qksrv.net https://www.qksz.net https://www.tkqlhce.com https://www.tqlkg.com https://cdn.honey.io https://www.sjwoe.com/ https://members.cj.com/member/javascript/ui-kit/images/close_icon.png https://insight.adsrvr.org/track/pxl/ https://match.adsrvr.org/track/cmf/generic https://collector-9404.us.tvsquared.com/tv2track.php https://*.usercentrics.eu https://d3nocrch4qti4v.cloudfront.net cdn.braze.eu https://*.creativecdn.com https://cm.g.doubleclick.net https://hb.yahoo.net https://pixel.rubiconproject.com https://simage2.pubmatic.com https://ib.adnxs.com https://dsum-sec.casalemedia.com https://sync.taboola.com https://eb2.3lift.com https://sync.outbrain.com https://ce.lijit.com https://visitor.omnitagjs.com https://hbx.media.net https://s.seedtag.com https://sync.inmobi.com;media-src 'nonce-5a2f88cf7e8e51e307fa1d3c14fd53ab' 'self' data: blob: https://assets.contentstack.io https://cdn.bfldr.com https://*.getyourguide.com https://*.cloudflarestream.com;base-uri 'self';worker-src blob: https://*.getyourguide.com;child-src blob: data: https://*.getyourguide.com;manifest-src https://*.getyourguide.com;frame-src * https://accounts.google.com/gsi/ https://*.seatsio.net *.tradedoubler.com a.imgstatics.com;frame-ancestors 'self' https://supplier.getyourguide.com https://supplier.gygtest.net;upgrade-insecure-requests
X-Frame-Options
Excellent
DENY
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
strict-origin-when-cross-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Strengthen CSP by removing 'unsafe-eval'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports