Open
Cached
·
just now
85/100
SECURITY SCORE
Certificate Information
Subject
CN=*.admission.com
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q3
Valid From
August 10, 2025
Valid Until
September 11, 2026
232 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
10:ED:36:95:2E:66:3A:83:C7:5B:64:48:AB:42:C5:AB:52:F3:39:FC:1F:71:B7:08:D3:9B:AA:B8:4F:18:9A:FF
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
Forward Secrecy
Limited
(Check cipher configuration)
Warnings
- • TLS 1.3 is not supported (recommended)
HTTP Security Headers
Status
Strict-Transport-Security
Good
max-age=315360000; includeSubDomains
Content-Security-Policy
Basic
default-src; connect-src; script-src; +4 more
default-src 'self' tm-b2b.okta.com b2bid-login.ticketmaster.com *.oktacdn.com cf-b2bid-login.tmone.pub-tmaws.io one.ticketmaster.com rum-ingest.us1.signalfx.com; connect-src 'self' tm-b2b.okta.com tm-b2b-admin.okta.com b2bid-login.ticketmaster.com *.oktacdn.com *.mixpanel.com *.mapbox.com tm-b2b.kerberos.okta.com tm-b2b.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: cf-b2bid-login.tmone.pub-tmaws.io one.ticketmaster.com rum-ingest.us1.signalfx.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample' tm-b2b.okta.com b2bid-login.ticketmaster.com *.oktacdn.com cf-b2bid-login.tmone.pub-tmaws.io one.ticketmaster.com rum-ingest.us1.signalfx.com; style-src 'unsafe-inline' 'self' 'report-sample' tm-b2b.okta.com b2bid-login.ticketmaster.com *.oktacdn.com cf-b2bid-login.tmone.pub-tmaws.io one.ticketmaster.com rum-ingest.us1.signalfx.com; frame-src 'self' tm-b2b.okta.com tm-b2b-admin.okta.com b2bid-login.ticketmaster.com login.okta.com *.vidyard.com com-okta-authenticator: cf-b2bid-login.tmone.pub-tmaws.io one.ticketmaster.com rum-ingest.us1.signalfx.com; img-src 'self' tm-b2b.okta.com b2bid-login.ticketmaster.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: cf-b2bid-login.tmone.pub-tmaws.io one.ticketmaster.com rum-ingest.us1.signalfx.com blob:; font-src 'self' tm-b2b.okta.com b2bid-login.ticketmaster.com data: *.oktacdn.com fonts.gstatic.com cf-b2bid-login.tmone.pub-tmaws.io one.ticketmaster.com rum-ingest.us1.signalfx.com
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer
Permissions-Policy
Missing
Not configured
Recommendations
- • Consider adding 'preload' to HSTS for maximum security
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
ticketmaster.com
*.ticketmaster.com
am-static-01.ticketmaster.com
checkout.ticketmaster.com
mw.ticketmaster.com
preprod1-am.ticketmaster.com
stg1-am.ticketmaster.com
admin.preprod-verifiedfan.ticketmaster.com
admin.verifiedfan.ticketmaster.com
stage.checkout.ticketmaster.com
www.verifiedfan.ticketmaster.com
*.admission.com
*.biletix.com
*.livenation.co.il
*.livenation.co.th
*.livenation.com.tw
*.comedystopcopenhagen.dk
identity.eventinventory.com
*.livenation.ae
fr.livenation.be
nl.livenation.be
*.livenation.cn
*.livenation.co.jp
*.livenation.co.nz
*.livenation.co.uk
*.livenation.co.za
concerts.livenation.com
verifiedfan.livenation.com
*.livenation.com.au
*.livenation.cz
*.livenation.de
*.livenation.dk
*.livenation.ee
*.livenation.es
*.livenation.fi
*.livenation.fr
*.livenation.hk
*.livenation.hu
*.livenation.it
*.livenation.kr
*.livenation.lt
*.livenation.nl
*.livenation.no
*.livenation.pl
*.livenation.qa
*.livenation.se
*.livenation.sg
*.livenationinternational.com
am-prod-client-files.ppub-tmaws.io
am-static-02.ppub-tmaws.io
am-static-03.ppub-tmaws.io
am-static-04.ppub-tmaws.io
am-stg-client-files.ppub-tmaws.io
am-stg-common-content.ppub-tmaws.io
common-widgets.ppub-tmaws.io
stg-common-widgets.ppub-tmaws.io
buy.taylorswifttix.com
*.ticketmaster.at
*.ticketmaster.be
ticketmaster.ca
*.ticketmaster.ca
verifiedfan.ticketmaster.ca
*.ticketmaster.ch
identity.ticketmaster.co.nz
m.ticketmaster.co.nz
ticketmaster.co.nz
*.ticketmaster.co.nz
verifiedfan.ticketmaster.co.nz
identity.ticketmaster.co.uk
ticketmaster.co.uk
verifiedfan.ticketmaster.co.uk
embed.ticketmaster.com.au
harrypotter.ticketmaster.com.au
identity.ticketmaster.com.au
m.ticketmaster.com.au
*.ticketmaster.com.au
verifiedfan.ticketmaster.com.au
identity.ticketmaster.com.mx
m.ticketmaster.com.mx
*.ticketmaster.cz
*.ticketmaster.de
*.ticketmaster.dk
*.ticketmaster.es
*.ticketmaster.fi
*.ticketmaster.fr
identity.ticketmaster.ie
ticketmaster.ie
verifiedfan.ticketmaster.ie
*.ticketmaster.it
embed-au-alpha.ticketmaster.net
embed-au-int.ticketmaster.net
int-checkout.ticketmaster.net
micro-au.ticketmaster.net
*.ticketmaster.nl
*.ticketmaster.no
*.ticketmaster.pl
*.ticketmaster.se
*.ticketweb.co.uk
*.lne.nonprod.public.tmaws.eu
*.tmol.co
Other domains in certificate