SSL Certificate Analysis for ze.codes - Security Grade & TLS Configuration

Open Cached · just now

91/100 SECURITY SCORE

Certificate Information

Subject

CN=imperva.com

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2026 Q1

Valid From

February 06, 2026

Valid Until

August 05, 2026 178 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

56:24:93:F7:42:B6:BE:C9:CD:D5:9A:90:C6:CC:53:49:95:FD:F7:FE:C4:58:AA:4D:A0:D8:E2:A5:0C:3C:47:20

Alternative Names

70 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000; includeSubdomains; preload

Content-Security-Policy

Basic

default-src; script-src; style-src; +10 more

default-src 'self' https://cdn.jsdelivr.net https://*.console.glassboxsaas.com https://*.report.gbss.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.appsflyer.com https://maps.googleapis.com https://places.googleapis.com https://cdn.segment.com https://ze.delivery https://repo.incognia.com https://*.google.com https://*.gstatic.com https://*.google.com.br https://*.google-analytics.com https://*.googletagmanager.com https://optanon.blob.core.windows.net https://connect.facebook.net https://code.jquery.com https://cdn.cookielaw.org https://analytics.tiktok.com https://*.hotjar.com https://*.tailtarget.com https://pixel.mathtag.com https://web-sdk-cdn.singular.net https://*.clearsale.com.br https://cdn.jsdelivr.net https://www.googleadservices.com https://*.clarity.ms https://*.ze.delivery https://www.google.com/ads/ga-audiences https://cdn.gbqofs.com https://*.console.glassboxsaas.com https://lantern.roeyecdn.com https://www.dwin1.com https://*.report.gbss.io https://*.awin1.com https://the.sciencebehindecommerce.com https://*.split.io; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optanon.blob.core.windows.net https://www.googletagmanager.com https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' blob: data: https://*.bing.com courier-images-web.imgix.net courier-images-frontrelease.imgix.net courier-images-prod.imgix.net https://*.google-analytics.com https://*.googleapis.com https://ads.scorecardresearch.com https://eb2.3lift.com https://t.mookie1.com https://analytics.twitter.com https://us-u.openx.net https://id5-sync.com https://match.sharethrough.com https://analytics.twitter.com https://image2.pubmatic.com https://x.bidswitch.net https://odr.mookie1.com https://loadus.exelator.com https://contextual.media.net https://maps.googleapis.com https://places.googleapis.com https://www.facebook.com https://*.clearsale.com.br https://www.google.com https://www.google.com.br https://*.tailtarget.com https://*.singular.net https://*.hotjar.com https://*.incognia.com https://*.typeform.com https://*.doubleclick.net https://*.tiktok.com https://*.onetrust.com https://*.gstatic.com https://*.mathtag.com https://*.googleadservices.com https://*.facebook.net https://*.amazoncognito.com https://*.google.com https://*.ze.delivery https://img.saveur-biere.com https://content.hotjar.io https://translate.google.com https://adservice.google.com https://tags.w55c.net https://tags.bluekai.com https://dsum-sec.casalemedia.com https://idsync.rlcdn.com https://*.stickyadstv.com https://*.akgn.com https://www.googletagmanager.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://aa.agkn.com https://ce.lijit.com https://c.clarity.ms https://*.awin1.com https://www.awin1.com https://*.tapad.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://www.typeform.com; frame-src 'self' https://form.typeform.com https://*.doubleclick.net https://www.typeform.com https://*.google.com https://www.facebook.com https://www.googletagmanager.com https://zecompensa.ze.delivery https://*.awin1.com https://www.awin1.com https://zecompensa.ze.delivery; upgrade-insecure-requests ; connect-src 'self' https://api.pagar.me https://*.onelink.me https://*.google-analytics.com https://www.facebook.com https://*.google.com https://maps.googleapis.com https://places.googleapis.com https://*.clarity.ms https://*.split.io https://auth.split.io https://api.split.io https://*.ze.delivery https://api.club.zedelivery.in https://*.incognia.com https://*.icg-in.com wss://*.icg-in.com wss://*.incognia.com wss://ws.hotjar.com https://cdn.segment.com https://api.segment.io https://*.segment.com https://*.segment.io https://cdn.cookielaw.org https://*.onetrust.com https://analytics.google.com https://*.hotjar.com https://*.hotjar.io https://cognito-idp.us-west-2.amazonaws.com https://cdn.jsdelivr.net https://*.clearsale.com.br https://*.dynamsoft.com https://*.zedelivery.in https://*.gbqofs.io https://sdk-api-v1.singular.net https://*.gstatic.com https://ze-auth-service-consumer-prod.auth.us-west-2.amazoncognito.com https://ze-auth-service-consumer-frontrelease.auth.us-west-2.amazoncognito.com https://www.google.com/ads/ga-audiences https://*.console.glassboxsaas.com https://*.report.gbss.io https://*.googleadservices.com https://www.google.com.br https://www.dwin1.com https://www.awin1.com https://*.doubleclick.net https://*.appsflyer.com https://*.imgix.net https://*.googleapis.com https://*.tiktok.com;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Present

ch-ua-model=("https://sdk-api-v1.singular.net"), ch-ua-platform-version=("https://sdk-api-v1.singular.net"), ch-ua-full-version-list=("https://sdk-api-v1.singular.net"), attribution-reporting=(), browsing-topics=(), otp-credentials=(), accelerometer=(self "https://zecompensa.ze.delivery"),attribution-reporting=(self "https://zecompensa.ze.delivery"),autoplay=(self "https://zecompensa.ze.delivery"),bluetooth=(self "https://zecompensa.ze.delivery"),browsing-topics=(self "https://zecompensa.ze.delivery"),camera=(self "https://zecompensa.ze.delivery"),compute-pressure=(self "https://zecompensa.ze.delivery"),display-capture=(self "https://zecompensa.ze.delivery"),encrypted-media=(self "https://zecompensa.ze.delivery"),fullscreen=(self "https://zecompensa.ze.delivery"),gamepad=(self "https://zecompensa.ze.delivery"),geolocation=(self "https://zecompensa.ze.delivery"),gyroscope=(self "https://zecompensa.ze.delivery"),hid=(self "https://zecompensa.ze.delivery"),identity-credentials-get=(self "https://zecompensa.ze.delivery"),idle-detection=(self "https://zecompensa.ze.delivery"),local-fonts=(self "https://zecompensa.ze.delivery"),magnetometer=(self "https://zecompensa.ze.delivery"),microphone=(self "https://zecompensa.ze.delivery"),midi=(self "https://zecompensa.ze.delivery"),otp-credentials=(self "https://zecompensa.ze.delivery"),payment=(self "https://zecompensa.ze.delivery"),picture-in-picture=(self "https://zecompensa.ze.delivery"),publickey-credentials-create=(self "https://zecompensa.ze.delivery"),publickey-credentials-get=(self "https://zecompensa.ze.delivery"),screen-wake-lock=(self "https://zecompensa.ze.delivery"),serial=(self "https://zecompensa.ze.delivery"),storage-access=(self "https://zecompensa.ze.delivery"),usb=(self "https://zecompensa.ze.delivery"),web-share=(self "https://zecompensa.ze.delivery"),window-management=(self "https://zecompensa.ze.delivery"),xr-spatial-tracking=(self "https://zecompensa.ze.delivery")

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

70 domains

ze.codes *.ze.codes

Other domains in certificate

*.ab-inbev.com *.staging.hoppy.ab-inbev.com

abiboardvideoportal.com *.abiboardvideoportal.com

abinbev.cl *.abinbev.cl

*.abmarketing.com

abmartechportal.com *.abmartechportal.com

*.bavaria.co

becker.cl *.becker.cl

*.api.beertech.com *.oneportal.beertech.com

assets.beesbank.com.br

*.brewbox360.com

*.budweiser.com

prc.busch.com

cantaritos.com *.cantaritos.com

cbn.bo *.cbn.bo

*.ccc.es

cervezacorona.mx *.cervezacorona.mx

*.cbn.com.bo

canchita.com.py *.canchita.com.py cervepar.com.py *.cervepar.com.py cervezapatagonia.com.py *.cervezapatagonia.com.py pilsen.com.py *.pilsen.com.py

*.corona.com

drinklajarra.com *.drinklajarra.com

imperva.com

konabigwave.com *.konabigwave.com

kwak.be *.kwak.be

labattpub.com *.labattpub.com

mikeshardglobal.com *.mikeshardglobal.com

montejo.com *.montejo.com

mybeerrebate.com *.mybeerrebate.com

*.cosmosdb.uat.mybees-platform.dev *.cosmosdb2.uat.mybees-platform.dev

*.mybees.be

nutrlvodka.com *.nutrlvodka.com

papt2.com *.papt2.com

reignoftitans.gg *.reignoftitans.gg

*.techmaz.mx

tempocraftgin.com *.tempocraftgin.com

trackyourbud.com www.trackyourbud.com

*.dev.ze.delivery *.ze.delivery

*.club.zedelivery.in *.zedelivery.in