DNS Gurus
Cached · just now
80/100 SECURITY SCORE

Certificate Information

Subject
CN=imperva.com
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q4
Valid From
December 20, 2025
Valid Until
June 18, 2026 157 days
Public Key
RSA 2048 bit Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
F1:5D:B1:97:30:D5:D8:75:AF:D4:23:0A:23:D7:D8:1D:43:79:9F:A8:81:86:4F:24:49:25:61:B5:E0:B2:AC:C1
Alternative Names
148 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Configured (Restricts certificate issuance)
Current Issuer
Authorized (Matches CAA policy)
Authorized CAs
globalsign.com digicert.com amazon.com letsencrypt.org pki.goog
Wildcard CAs
amazon.com globalsign.com pki.goog digicert.com letsencrypt.org
Incident Reporting
Recommendations
  • Consider using critical flag (flags=128) for stricter CAA enforcement
  • You have authorized 5 CAs - consider limiting to only the CAs you actively use

Subject Alternative Names

148 domains
sabre.com *.sabre.com airschedules.sabre.com callcenter-8u-ut1.sabre.com imperva-dummy-app.sabre.com lds.sabre.com s3analytics.sabre.com *.cdc.sabre.com *.cert.sabre.com *.int.sabre.com *.prod.sabre.com *.profiles.sabre.com *.rail.sabre.com *.updatesite.sabre.com sabremosaic-api-ut1-va.cert.sabre.com viewership.cert.sabre.com webkm.ri.sabre.com webux.ix.sabre.com *.dev.aws.sabre.com *.updatesite.cert.sabre.com 5t.avro.prod.sabre.com airline.api.platform.sabre.com gf.avfo.cert.sabre.com km.avro.prod.sabre.com nc.reaccom-manager.cert.sabre.com webpmp.km.ri.sabre.com *.aem1.cert.aws.sabre.com *.aem1.dev.aws.sabre.com *.aem2.cert.aws.sabre.com *.ci01.cert.aws.sabre.com *.ci02.cert.aws.sabre.com *.ci11.cert.aws.sabre.com *.ci11.prod.aws.sabre.com *.ci12.cert.aws.sabre.com *.ci12.prod.aws.sabre.com *.ci13.cert.aws.sabre.com *.ci14.cert.aws.sabre.com *.dai01.cert.aws.sabre.com *.dai02.cert.aws.sabre.com *.dai11.prod.aws.sabre.com *.dai12.prod.aws.sabre.com *.dx01.cert.aws.sabre.com *.dx02.cert.aws.sabre.com *.dx11.cert.aws.sabre.com *.dx11.dev.aws.sabre.com *.dx11.prod.aws.sabre.com *.dx12.cert.aws.sabre.com *.dx12.prod.aws.sabre.com *.dx13.cert.aws.sabre.com *.dx14.cert.aws.sabre.com *.dx21.cert.aws.sabre.com *.dx22.cert.aws.sabre.com *.dx23.cert.aws.sabre.com *.dx24.cert.aws.sabre.com *.dx31.dev.aws.sabre.com *.dx41.dev.aws.sabre.com *.dx51.dev.aws.sabre.com *.dx52.dev.aws.sabre.com *.dx53.dev.aws.sabre.com *.dx54.dev.aws.sabre.com *.dxci11.dev.aws.sabre.com *.dxci31.dev.aws.sabre.com *.shs.cert.asc.sabre.com dx.ci21.prod.aws.sabre.com dx.ci22.prod.aws.sabre.com www.1s01.usc1.planning-optimization.sabre.com *.aca.as.cert.asc.sabre.com *.as.sswaem.cert.aws.sabre.com *.as.sswaem.prod.aws.sabre.com *.avri.as.cert.asc.sabre.com *.avri.as.prod.asc.sabre.com ascert.avix.ix-as.prod.asc.sabre.com asdev.avix.ix-as.prod.asc.sabre.com

Other domains in certificate

dxbooking-stage.aircambodia.com dxbooking.aircambodia.com
booking.airserbia.com dxcheckin.airserbia.com
booking.canadiannorth.com checkin.canadiannorth.com
booking.caymanairways.com dc-cert.caymanairways.com dc.caymanairways.com dcci-cert.caymanairways.com dcci.caymanairways.com dx-cert.checkin.caymanairways.com dx-stage.checkin.caymanairways.com dx.checkin.caymanairways.com flights-cert.caymanairways.com flights-stage.caymanairways.com flights.caymanairways.com
apigw.lowcostil.co.il apigw.nofeshonline.co.il deasy.co.il *.deasy.co.il ldsf.sabre.co.il ldss.sabre.co.il metzerpre.sabre.co.il *.sabre.co.il
checkin.airniugini.com.pg dc.airniugini.com.pg dx-flights.airniugini.com.pg
booking.ethiopianairlines.com dc-cert.ethiopianairlines.com dc.ethiopianairlines.com dxbooking-cert.ethiopianairlines.com dxbooking-stage.ethiopianairlines.com dxbooking.ethiopianairlines.com
*.cert.getthere.net *.getthere.net
imperva.com
dcci-cert.lionairthai.com dcci.lionairthai.com dx-cert.checkin.lionairthai.com dx-stage.checkin.lionairthai.com dx.checkin.lionairthai.com
dcci-cert.malindoair.com dcci.malindoair.com dx-cert.checkin.malindoair.com dx-stage.checkin.malindoair.com dx.checkin.malindoair.com
lodgeredhook.mynuvola.com m.mynuvola.com
booking.omanair.com bookings.omanair.com dc-checkin.omanair.com dc.omanair.com dxcheckin.omanair.com
aok.app.radixxhost.com
zipappota.radixxuat.com zipappuat.radixxuat.com zipdcsuat.radixxuat.com zipresuat.radixxuat.com
*.sabrehospitality.com
*.asc.synxis.com be-cms-e2.synxis.com be-cms-i1.synxis.com be-e2.synxis.com be-i1.synxis.com *.bts.synxis.com *.synxis.com
talknroll.pl www.talknroll.pl
travel.tripcase.com tripcase.com *.tripcase.com
book.virginaustralia.com dc.virginaustralia.com
book-dev.virginaustralia.io