Open
Cached
·
just now
80/100
SECURITY SCORE
Certificate Information
Subject
CN=*.maven.io
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q4
Valid From
November 18, 2025
Valid Until
December 20, 2026
333 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
DD:55:20:B8:F3:89:E2:3E:C6:E0:E2:E1:EC:F4:BF:E8:D3:D0:F4:F3:99:AD:4B:C8:D3:81:38:29:30:17:08:C6
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31557600
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Configured
(Restricts certificate issuance)
Current Issuer
Authorized
(Matches CAA policy)
Authorized CAs
Recommendations
- • Consider using critical flag (flags=128) for stricter CAA enforcement
- • You have authorized 6 CAs - consider limiting to only the CAs you actively use
- • Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts
- • Consider adding 'issuewild' records to control wildcard certificate issuance
Subject Alternative Names
102 domains
thestreet.com
link.thestreet.com
subscription.thestreet.com
thestreet.thestreet.com
topstocks.thestreet.com
uat.thestreet.com
www.thestreet.com
*.qa2.thestreet.com
adventuresportsnetwork.com
www.adventuresportsnetwork.com
allbearcats.com
allbengals.com
allbruins.com
allhuskers.com
alllakers.com
www.alllakers.com
allsooners.com
athlonsports.com
www.athlonsports.com
ts.autoblog.com
awomanshealth.com
www.awomanshealth.com
trending.axleaddict.com
basketballzone.com
www.basketballzone.com
bellatory.com
bitcoinmagazine.com
www.bitcoinmagazine.com
boatersnewswire.com
boilermakersnow.com
bringmethenews.com
www.bringmethenews.com
businessmanojpodcast.com
www.businessmanojpodcast.com
businessofeverythingwithmanoj.com
www.businessofeverythingwithmanoj.com
businesswithmanoj.com
www.businesswithmanoj.com
caloriebee.com
cavaliersnow.com
cavsnow.com
comecruisewith.com
www.comecruisewith.com
cripto247.com
www.cripto247.com
dealbreaker.com
enfuegonow.com
www.enfuegonow.com
www.fashionista.com
fishsportsdallas.com
www.fishsportsdallas.com
gamedaily.com
www.gamedaily.com
giantscountry.com
www.howcast.com
howtheyplay.com
huskiesreport.com
insidetheknights.com
letterpile.com
lindyssports.com
www.lindyssports.com
manojpodcast.com
www.manojpodcast.com
marinascats.com
*.fastly.maven.io
maven.io
*.maven.io
*.qa-fastly.maven.io
mavencorp.io
metaledgemag.com
www.metaledgemag.com
www.morningread.com
opposingviews.com
www.opposingviews.com
paradehomeandgarden.com
www.paradehomeandgarden.com
pawnation.com
www.pawnation.com
remedygrove.com
roundtable.io
roundtablecrypto.io
www.roundtablecrypto.io
history-origin.prod.saymedia.com
sportsillustrated-origin.prod.saymedia.com
www.secondspleasesarah.com
tatring.com
people.thearenagroup.net
thearthritisconnection.com
www.thearthritisconnection.com
www.theglowmemo.com
*.themaven.net
thespinecommunity.com
www.thespinecommunity.com
travelhost.com
www.travelhost.com
tvsquad.com
www.tvsquad.com
watchthis.com
www.watchthis.com
wildcatsdaily.com
wokeamerica.com
www.wrestlingnewsworld.com
Other domains in certificate