Open
Cached
·
just now
85/100
SECURITY SCORE
Certificate Information
Subject
CN=avivacorporateplatform.co.uk
Issuer
C=US, O=Amazon, CN=Amazon RSA 2048 M02
Valid From
March 09, 2025
Valid Until
April 08, 2026
74 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
D3:DC:DB:0A:05:76:74:34:32:CE:2D:BC:A2:14:9F:6F:97:07:81:24:26:C2:8C:91:4C:EC:52:32:E7:E4:6E:D7
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- • TLS 1.3 is not supported (recommended)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Good
default-src; font-src; img-src; +7 more
default-src 'self' cdn.aviva.com data:; font-src 'self' cdn.aviva.com fonts.gstatic.com data: *.pronavigator.ai; img-src * data:; media-src 'self' data:; frame-src 'self' *.aviva.ca *.five9.com *.facebook.com *.doubleclick.net *.youtube.com *.moneris.com *.google.com *.demdex.net *.appliedsystems.com *.pinterest.com *.googletagmanager.com ui.expert.pronavigator.ai; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.aviva.ca cdn.aviva.com *.adobedtm.com *.amazon.com *.google-analytics.com *.facebook.net *.googletagmanager.com *.bing.com *.googleadservices.com *.invocacdn.com *.marketo.net *.doubleclick.net *.google.com *.moneris.com *.gstatic.com *.five9.com *.clarity.ms *.clearbitjs.com *.acuityplatform.com *.stackadapt.com *.licdn.com *.youtube.com *.cookielaw.org ajax.aspnetcdn.com *.pinterest.com *.teads.tv *.pinimg.com *.amazon-adsystem.com *.redditstatic.com *.pardot.com wayfinder-context-agent-builds-prod.s3.us-east-2.amazonaws.com *.clarity.ms *.googleadservices.com *.qualtrics.com *.pronavigator.ai; style-src 'self' cdn.aviva.com 'unsafe-inline' *.five9.com *.stackadapt.com fonts.googleapis.com; connect-src 'self' *.amazon.com cdn.aviva.com *.mktoresp.com *.google.com *.google-analytics.com *.bing.com *.doubleclick.net *.google.ca *.demdex.net *.omtrdc.net *.stackadapt.com *.oribi.io *.cookielaw.org *.linkedin.com *.reddit.com *.redditstatic.com *.onetrust.com *.pinterest.com *.teads.tv *.pinimg.com *.amazon-adsystem.com *.redditstatic.com *.amazon *.aviva.ca *.pardot.com *.omtrdc.net api.expert.pronavigator.ai *.clarity.ms *.facebook.com *.googleadservices.com *.qualtrics.com; frame-ancestors 'self' https://*.aviva.ca https://www.slipcase.com https://marketplace.marsh.com
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Strengthen CSP by removing 'unsafe-eval'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
69 domains
aviva.ca
partenaireaviva.ca
bcmotorcycle.aviva.ca
aviva-for-advisers.co.uk
aviva-for-messaging.co.uk
aviva.ie
avivaae.co.uk
avivaavantage.ca
avivaavantage.com
avivacanada.com
bic.avivacanada.com
blog.avivacanada.com
combinedpolicy.avivacanada.com
commerciallines.avivacanada.com
defensibleclaims.avivacanada.com
leisureandlifestyle.avivacanada.com
m.avivacanada.com
avivacommunityfund.co.uk
avivacorporateplatform.co.uk
avivacustomer.co.uk
avivadigitaldivision.ca
avivaeserve.co.uk
avivahealthandwellbeing.co.uk
monaviva.avivainsurance.ca
qa.avivainsurance.ca
avivainvestors.at
avivainvestors.be
avivainvestors.ca
avivainvestors.ch
avivainvestors.co.uk
aimstr.avivainvestors.com
at.avivainvestors.com
au.avivainvestors.com
avivainvestors.com
be.avivainvestors.com
ca.avivainvestors.com
ch.avivainvestors.com
de.avivainvestors.com
es.avivainvestors.com
fi.avivainvestors.com
fr.avivainvestors.com
ie.avivainvestors.com
it.avivainvestors.com
lu.avivainvestors.com
nl.avivainvestors.com
no.avivainvestors.com
avivainvestors.com.au
avivainvestors.de
avivainvestors.es
avivainvestors.ie
avivainvestors.it
avivainvestors.lu
avivainvestors.nl
avivainvestors.se
avivainvestors.sg
avivainvestors.tel
avivamymoney.co.uk
avivapartner.ca
avivatraders.com
avivatransfers.co.uk
avivatriallawyers.com
avivatrusteeplatform.co.uk
controlyourpension.com
friendslife.com
hibernian.ie
hibernianaviva.ie
partner.qs.online-insure.co.uk
qaavantage.ca
quotemehappy.claims
Other domains in certificate