Open
Cached
·
just now
82/100
SECURITY SCORE
Certificate Information
Subject
CN=imperva.com
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q4
Valid From
January 19, 2026
Valid Until
July 18, 2026
166 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
80:06:FA:8B:EE:8A:C0:78:3C:25:8D:4B:7E:7C:C3:E4:FD:22:D1:03:40:70:FF:6B:BA:F6:BF:4A:54:AC:58:7C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Weak
upgrade-insecure-requests; frame-ancestors
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Significantly strengthen CSP directives
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
playmaker.beer
*.playmaker.beer
*.argocd.ab-inbev.com
*.belgiumevent-backend-uat.ab-inbev.com
*.insights-copilot.staging.ab-inbev.com
*.lcm.ab-inbev.com
*.maz.ab-inbev.com
*.staging.ab-inbev.com
*.watchtower-develop.ab-inbev.com
*.ab-inbev.in
*.ab-inbev.nl
abfeedbackfactory.com
*.abfeedbackfactory.com
*.abinbev.com
*.ambev.com.br
*.aspirationx.co.za
balboaice.com
*.balboaice.com
beachdayeveryday.com
*.beachdayeveryday.com
beatssensesus.com
*.beatssensesus.com
*.esperienze.becks.it
*.graph.beertech.com
*.m360-accounts.beertech.com
*.bees-kconnect.com
*.crt.sit.bees-platform.dev
*.crt.uat.bees-platform.dev
*.martech.uat.bees-platform.dev
*.stg.beesbank.com.br
beespromo.com
*.beespromo.com
breweryvisits.com
*.breweryvisits.com
buschbeer.ca
*.buschbeer.ca
beesmart.co.kr
*.beesmart.co.kr
beessmart.co.kr
*.beessmart.co.kr
presidente.com.do
*.presidente.com.do
accrabrewery.com.gh
*.accrabrewery.com.gh
cervezacorona.com.py
*.cervezacorona.com.py
viaggia.corona-extra.com
*.viaggia.corona-extra.com
corona-island.at
*.corona-island.at
corona-island.be
*.corona-island.be
drinkshakenhardrefresher.com
*.drinkshakenhardrefresher.com
elp-online.be
*.elp-online.be
*.elysianbrewing.com
imperva.com
jetskol.com
*.jetskol.com
*.leffe.it
leyendasdeorigen.cl
*.leyendasdeorigen.cl
*.gds1.mybees-platform.com
*.martech.mybees-platform.com
*.sre.mybees-platform.com
*.dtc.sit.mybees-platform.dev
mybees-platform.dev
*.mybees-platform.dev
*.obcpeople.com
obpocs.com
*.obpocs.com
oneabiway.com
*.oneabiway.com
*.perfectdraft.com
*.qrcode.beer
quilmes.cl
*.quilmes.cl
rotdevelopment.dev
*.rotdevelopment.dev
smartcomms-abi.com
*.smartcomms-abi.com
*.somosmaz.com
qr.stellaartois.com
*.qr.stellaartois.com
stellaartois.com.ar
*.stellaartois.com.ar
stellaartoisratemyperfectserve.com
*.stellaartoisratemyperfectserve.com
tada.codes
*.tada.codes
tadadelivery.com
*.tadadelivery.com
tapintoyourbeer.com
*.tapintoyourbeer.com
thepubclub.beer
*.thepubclub.beer
ugb-dachau.de
*.ugb-dachau.de
*.dev.zedelivery.in
Other domains in certificate