Open
Cached
·
just now
92/100
SECURITY SCORE
Certificate Information
Subject
CN=imperva.com
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q4
Valid From
December 17, 2025
Valid Until
June 15, 2026
172 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
7F:D2:D6:CC:FC:95:18:06:3C:02:A1:B4:D4:1E:FD:E3:71:FB:82:F5:29:89:52:ED:88:11:DA:16:DE:AB:95:40
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Excellent
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
Basic
default-src; script-src; style-src; +6 more
default-src 'unsafe-inline' 'self' *.pwcglb.com *.pwc.com cdn.cookielaw.org *.onetrust.com;script-src 'unsafe-inline' 'unsafe-eval' *.pwcglb.com *.pwc.com cdn.cookielaw.org *.onetrust.com *.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-5654596845436928.storage.googleapis.com data.pendo.io;style-src 'unsafe-inline' *.pwcglb.com *.pwc.com cdn.cookielaw.org *.onetrust.com *.pendo.io cdn.pendo.io pendo-static-5654596845436928.storage.googleapis.com;img-src data: *.pwcglb.com *.pwc.com cdn.cookielaw.org *.onetrust.com cdn.pendo.io app.pendo.io pendo-static-5654596845436928.storage.googleapis.com data.pendo.io;connect-src 'self' *.onetrust.com *.pwcglb.com *.pwc.com cdn.cookielaw.org *.pendo.io data.pendo.io pendo-static-5654596845436928.storage.googleapis.com *.blob.core.windows.net;frame-ancestors *.pendo.io *.pwc.com *.pwcglb.com;frame-src data: *.pendo.io *.powerbi.com *.pwc.com *.docusign.net *.docusign.com;child-src *.pendo.io;worker-src blob:;
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Present
same-origin
Permissions-Policy
Missing
Not configured
Recommendations
- • Improve CSP by adding more specific directives and removing 'unsafe-inline'
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
97 domains
*.pwc.com
connect-stage.pwc.com
digitalmaker-stg-ca.pwc.com
gstcheck-stg.pwc.com
statelifecycletool.pwc.com
*.dev.pwc.com
*.exceladdin-eu-sandbox.pwc.com
clicknplay.lan.pwc.com
development.modeledge.pwc.com
portal.modeledge.pwc.com
qa.modeledge.pwc.com
suntrust.gstcheck-stg.pwc.com
*.api.connectedriskengine.pwc.com
*.clicknplay.lan.pwc.com
api.development.modeledge.pwc.com
api.portal.modeledge.pwc.com
api.qa.modeledge.pwc.com
*.hana-1.prod.ei.hosting.pwc.com
access-check.ca
www.access-check.ca
attestationrdt-attestdbi.be
www.attestationrdt-attestdbi.be
belgianfundreporting.be
www.belgianfundreporting.be
dev.eagledream.com
eagledream.com
www.eagledream.com
imperva.com
api.italiancfctool.it
italiancfctool.it
*.italiancfctool.it
myselfservice.gr
www.myselfservice.gr
api.myworkdiary.it
partnerhub-webhooks-stg.partnertaxhub.com
partnerhub-webhooks.partnertaxhub.com
hrandpayrollservices001.pwc.kz
stg.taxpackagesupport.com
thenewequation.org
*.thenewequation.org
api-immigration-stage.vialto.com
api-immigration.vialto.com
aspire-chat-stage.vialto.com
aspire-smartsearch.vialto.com
aspire-stage.vialto.com
aspire.vialto.com
contingentwork-api.vialto.com
contingentwork.vialto.com
dev-myatlas-bo-api.vialto.com
dev-myatlas-fo-api.vialto.com
dev-myatlas.vialto.com
e42-prod.vialto.com
e42-test.vialto.com
forms.vialto.com
horizon-ch-stage.vialto.com
horizon-ch.vialto.com
immigration-stage.vialto.com
immigration.vialto.com
itm.vialto.com
m-files-athena.vialto.com
maintenance-stage.vialto.com
map-stg.vialto.com
mft4u.vialto.com
mobileapi-stage.vialto.com
mundo-stage.vialto.com
mundo.vialto.com
myaos-apis-dev.vialto.com
myaos-apis-stg.vialto.com
myaos-dev.vialto.com
myatlas-fo-api.vialto.com
*.mymobilityhq-dr.vialto.com
*.mymobilityhq-qa.vialto.com
*.mymobilityhq-stage.vialto.com
*.mymobilityhq.vialto.com
pegasus-stage-api.vialto.com
qa.stbt.vialto.com
qamytrips.vialto.com
remotework-stage.vialto.com
remotework.vialto.com
socialsecurity-dev.vialto.com
socialsecurity-stg.vialto.com
socialsecurity.vialto.com
spoten.vialto.com
ssta-backend.vialto.com
stage-backend-ssta.vialto.com
stg-myatlas-bo-api.vialto.com
stg-myatlas-fo-api.vialto.com
stgmytrips.vialto.com
taxplusweb.vialto.com
test-myatlas-bo-api.vialto.com
test-myatlas-fo-api.vialto.com
test-myatlas.vialto.com
testapp.vialto.com
uat-myatlas-bo-api.vialto.com
uat-myatlas-fo-api.vialto.com
uat-myatlas.vialto.com
*.vialto.com
Other domains in certificate