Open
Cached
·
just now
86/100
SECURITY SCORE
Certificate Information
Subject
CN=imperva.com
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q4
Valid From
December 17, 2025
Valid Until
June 15, 2026
172 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
7F:D2:D6:CC:FC:95:18:06:3C:02:A1:B4:D4:1E:FD:E3:71:FB:82:F5:29:89:52:ED:88:11:DA:16:DE:AB:95:40
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15724800; includeSubDomains
Content-Security-Policy
Basic
default-src; frame-src; child-src; +13 more
default-src *;frame-src *;child-src * blob: data:;worker-src * blob: data:;img-src * blob: data:;media-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';font-src * blob: data:;connect-src *;base-uri 'self';block-all-mixed-content;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none'
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
origin,same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
97 domains
*.vialto.com
api-immigration-stage.vialto.com
api-immigration.vialto.com
aspire-chat-stage.vialto.com
aspire-smartsearch.vialto.com
aspire-stage.vialto.com
aspire.vialto.com
contingentwork-api.vialto.com
contingentwork.vialto.com
dev-myatlas-bo-api.vialto.com
dev-myatlas-fo-api.vialto.com
dev-myatlas.vialto.com
e42-prod.vialto.com
e42-test.vialto.com
forms.vialto.com
horizon-ch-stage.vialto.com
horizon-ch.vialto.com
immigration-stage.vialto.com
immigration.vialto.com
itm.vialto.com
m-files-athena.vialto.com
maintenance-stage.vialto.com
map-stg.vialto.com
mft4u.vialto.com
mobileapi-stage.vialto.com
mundo-stage.vialto.com
mundo.vialto.com
myaos-apis-dev.vialto.com
myaos-apis-stg.vialto.com
myaos-dev.vialto.com
myatlas-fo-api.vialto.com
pegasus-stage-api.vialto.com
qamytrips.vialto.com
remotework-stage.vialto.com
remotework.vialto.com
socialsecurity-dev.vialto.com
socialsecurity-stg.vialto.com
socialsecurity.vialto.com
spoten.vialto.com
ssta-backend.vialto.com
stage-backend-ssta.vialto.com
stg-myatlas-bo-api.vialto.com
stg-myatlas-fo-api.vialto.com
stgmytrips.vialto.com
taxplusweb.vialto.com
test-myatlas-bo-api.vialto.com
test-myatlas-fo-api.vialto.com
test-myatlas.vialto.com
testapp.vialto.com
uat-myatlas-bo-api.vialto.com
uat-myatlas-fo-api.vialto.com
uat-myatlas.vialto.com
*.mymobilityhq-dr.vialto.com
*.mymobilityhq-qa.vialto.com
*.mymobilityhq-stage.vialto.com
*.mymobilityhq.vialto.com
qa.stbt.vialto.com
access-check.ca
www.access-check.ca
attestationrdt-attestdbi.be
www.attestationrdt-attestdbi.be
belgianfundreporting.be
www.belgianfundreporting.be
dev.eagledream.com
eagledream.com
www.eagledream.com
imperva.com
api.italiancfctool.it
italiancfctool.it
*.italiancfctool.it
myselfservice.gr
www.myselfservice.gr
api.myworkdiary.it
partnerhub-webhooks-stg.partnertaxhub.com
partnerhub-webhooks.partnertaxhub.com
*.api.connectedriskengine.pwc.com
api.development.modeledge.pwc.com
api.portal.modeledge.pwc.com
api.qa.modeledge.pwc.com
clicknplay.lan.pwc.com
*.clicknplay.lan.pwc.com
connect-stage.pwc.com
*.dev.pwc.com
development.modeledge.pwc.com
digitalmaker-stg-ca.pwc.com
*.exceladdin-eu-sandbox.pwc.com
gstcheck-stg.pwc.com
*.hana-1.prod.ei.hosting.pwc.com
portal.modeledge.pwc.com
*.pwc.com
qa.modeledge.pwc.com
statelifecycletool.pwc.com
suntrust.gstcheck-stg.pwc.com
hrandpayrollservices001.pwc.kz
stg.taxpackagesupport.com
thenewequation.org
*.thenewequation.org
Other domains in certificate