SSL Certificate Analysis for cbeapi.com - Security Grade & TLS Configuration

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

CN=imperva.com

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q4

Valid From

November 26, 2025

Valid Until

May 25, 2026 131 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

91:D6:16:D8:87:AC:BC:B3:D2:D0:10:25:A3:1A:14:AD:A6:AE:BF:25:04:C4:FE:FF:0D:B4:EE:3C:E5:4C:42:B0

Alternative Names

146 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

146 domains

cbeapi.com *.cbeapi.com

Other domains in certificate

*.180-360.ab-inbev.com *.ab-inbev.com *.catexpert.ab-inbev.com *.compliance-channel.ab-inbev.com *.genome-requests.ab-inbev.com *.genome.ab-inbev.com *.metrics.ab-inbev.com *.mobility.ab-inbev.com *.mybenefits.ab-inbev.com *.mydashboard.ab-inbev.com *.oneverse.ab-inbev.com *.oneway.ab-inbev.com *.pilsener.aurora.ab-inbev.com *.witbier.aurora.ab-inbev.com *.za.ab-inbev.com

abipages.com *.abipages.com

*.abverify.com

abwp.us *.abwp.us qa.abwp.us qa.api.abwp.us www.abwp.us

*.ambevdevs.com.br

ambevon.com.br *.ambevon.com.br

anheuser-busch-bud.de *.anheuser-busch-bud.de

*.anheuser-busch.com

backus-programa.pe *.backus-programa.pe

barbarian.pe *.barbarian.pe

becks.it *.becks.it *.testing-esperienze.becks.it

*.alchemy.beertech.com *.michelobultra.beertech.com *.pricing.beertech.com *.redirect.beertech.com

*.bees-internal.dev

*.uat.bees-platform.dev

bees.com *.bees.com

beesbank.com.br *.beesbank.com.br

*.beesdata.science

beyondbeerrefresh.com www.beyondbeerrefresh.com

biobrew.com *.biobrew.com

bmix.cl *.bmix.cl

budexchange.com *.budexchange.com

*.budlight.com

budnetec.com *.budnetec.com

budpayments.com *.budpayments.com

budweiser.com.br *.budweiser.com.br

carlingpredictor.com *.carlingpredictor.com

castlescrumble.co.za *.castlescrumble.co.za

cbeqa.com *.cbeqa.com

cheerscommunity.com www.cheerscommunity.com

cidrerielacroix.com *.cidrerielacroix.com

ciscobrewers.com www.ciscobrewers.com

cervezacorona.com.do *.cervezacorona.com.do

tadadelivery.com.ec *.tadadelivery.com.ec

brahma.com.py *.brahma.com.py

consumoresponsable.com.mx *.consumoresponsable.com.mx

contractscolab.com *.contractscolab.com

coronabeach100.ca *.coronabeach100.ca

*.hub.donuslabs.net

drinkneonburst.com www.drinkneonburst.com

drinkomission.com www.drinkomission.com

drinkskimmers.com *.drinkskimmers.com

flyingfishbeer.com *.flyingfishbeer.com

fritesartois.com *.fritesartois.com

*.scan.hertogjan.nl

hooptea.com www.hooptea.com

imperva.com

kokaneebeer.ca *.kokaneebeer.ca

labattbettertogether.ca www.labattbettertogether.ca

membeers.com *.membeers.com

*.eu.mybees-platform.com *.mybees-platform.com

*.bcp.mybees-platform.dev *.gds2.uat.mybees-platform.dev

mydiekirch.lu *.mydiekirch.lu

neonharddrinks.com www.neonharddrinks.com

nilebreweries.com *.nilebreweries.com

nutrlusa.com *.nutrlusa.com

phormenergy.com *.phormenergy.com

planbees.io *.planbees.io

*.portaldplus.com

*.promaxcloud.com.br

sabfoundation.co.za *.sabfoundation.co.za

*.sanmiguel-ibiza.com

stellaperfectpour.com www.stellaperfectpour.com

stellasignature.com *.stellasignature.com

tada.com.ar *.tada.com.ar

*.tripelkarmeliet.com

wimbledon-stellaartois.ch *.wimbledon-stellaartois.ch

wimbledon-stellaartois.com *.wimbledon-stellaartois.com

www.wynwoodbrewing.com wynwoodbrewing.com

*.dev.ze.delivery

ze.vu *.ze.vu