Open
Cached
·
just now
89/100
SECURITY SCORE
Certificate Information
Subject
UNKNOWN={:asn1_OPENTYPE, <<19, 2, 85, 83>>}, UNKNOWN={:asn1_OPENTYPE, <<19, 8, 68, 101, 108, 97, 119, 97, 114, 101>>}, UNKNOWN={:asn1_OPENTYPE, <<12, 20, 80, 114, 105, 118, 97, 116, 101, 32, 79, 114, 103, 97, 110, 105, 122, 97, 116, 105, 111, 110>>}, UNKNOWN=5110064, C=US, ST=Illinois, L=Chicago, O=TransUnion, CN=www.iovation.com
Issuer
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA
Valid From
April 30, 2025
Valid Until
April 14, 2026
92 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
36:9F:14:2B:3E:D9:9A:8F:8D:B9:67:51:FE:DC:07:51:40:A3:CC:BE:D0:C0:CB:AC:B0:E1:D2:48:F6:3F:15:89
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=15768000; includeSubDomains
Content-Security-Policy
Basic
default-src; script-src; child-src; +7 more
default-src 'self' fonts.gstatic.com cdn-app.pathfactory.com *.lpsnmedia.net *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.transunion.ca *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' c.amazon-adsystem.com *.pathfactory.com *.onetrust.com *.trustarc.com *.truste.com action.dstillery.com a.smtrk.net tracker.pixeltracker.co *.kampyle.com *.medallia.com cdn.inpwrd.net content.inpwrd.net *.adobedtm.com *.liveperson.net https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.transunion.ca *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src www.googletagmanager.com *.trustarc.com *.truste.com insight.adsrvr.org content.inpwrd.net *.kampyle.com *.medallia.com transunion.demdex.net *.google.com *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.hifiona.com *.transunion.com *.transunion.ca blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' s.amazon-adsystem.com ara.paa-reporting-advertising.amazon *.pathfactory.com wss://*.liveperson.net *.liveperson.net *.lpsnmedia.net *.onetrust.com *.trustarc.com *.cloudfront.net identity-force.sjv.io canada.pxf.io *.teads.tv pixelconnector.pixeltracker.co *.kampyle.com *.medallia.com s.yimg.com *.tt.omtrdc.net dpm.demdex.net wss://va.msg.liveperson.net wss://lo.msg.liveperson.net api.iterable.com *.google-analytics.com https://*.analytics.google.com analytics.google.com *.googletagmanager.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.transunion.ca *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.io *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval' https://transunion-ir-v2.cm.invdcloud-is.us https://transunion-ir-v2.cd.invdcloud-is.us www.google.com bat.bing.com ad.doubleclick.net rjs.3gl.net px.ads.linkedin.com tag-logger.demandbase.com adservice.google.com; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com *.transunion.ca blob: f1.media.brightcove.com; img-src * *.lpsnmedia.net *.trustarc.com *.truste.com canada.pxf.io identity-force.sjv.io *.kampyle.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.medallia.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.kampyle.com *.medallia.com *.transunion.com *.transunion.ca *.adobeaemcloud.com *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com cdn-app.pathfactory.com cdn.pathfactory.com; frame-src * *.lpsnmedia.net *.liveperson.net; style-src * *.lpsnmedia.net *.liveperson.net 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com *.transunion.ca;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- • Consider adding 'issuewild' records to control wildcard certificate issuance
Subject Alternative Names
15 domains
iovation.com
ecommerce.iovation.com
financial-services.iovation.com
gambling.iovation.com
gaming.iovation.com
government-dev.iovation.com
government.iovation.com
insurance.iovation.com
online-communities.iovation.com
partnerportal.iovation.com
retail.iovation.com
telecommunications-dev.iovation.com
telecommunications.iovation.com
travel-ticketing.iovation.com
www.iovation.com