What is the security status of ihsa.ca?

ihsa.ca has a security score of 68/100, rated as Moderate Risk. The website may have security concerns that should be addressed.

Is ihsa.ca safe to use?

Our security scan shows ihsa.ca is Moderate Risk. SSL security issues detected. Always practice safe browsing habits.

Does ihsa.ca have viruses?

Our comprehensive security scan analyzes multiple security factors. Based on the overall security score of 68/100, the website is rated as Moderate Risk. However, websites can change over time, so always use updated security software.

What is ihsa.ca's trust score?

ihsa.ca has a security score of 68/100. This score is based on multiple factors including SSL security, security headers, DNS health, and compliance checks.

Is ihsa.ca Safe? Security Analysis for Infrastructure Health and Safety Association

https://ihsa.ca

Check if ihsa.ca is a scam or legitimate. Free security scan and reviews.

TransportationCanadalarge

ASP.NETjQuery 2.1.1Google AnalyticsGoogle Tag ManagerHeap Analytics+4 more

Analyzed 10/4/2025Completed 4:17:31 AM

Security Score

MEDIUM RISK

AI Summary

Infrastructure Health and Safety Association (IHSA) is a leading non-profit organization in Ontario dedicated to occupational health and safety across multiple sectors including construction, transportation, electrical utilities, and aggregates. The website serves as a comprehensive resource hub offering training, consulting, certification programs, and safety products. IHSA maintains a strong market position as a trusted authority in workplace safety, supported by official certifications and government partnerships. The digital presence is professional, well-branded, and targets workers and employers in Ontario's industrial sectors. Technically, the website is built on ASP.NET WebForms with a mature technology stack including jQuery, Google Analytics, Heap Analytics, and multiple marketing and tracking tools. The site is moderately performant, mobile-optimized, and includes accessibility features, though there is room for improvement in accessibility compliance. Security posture is strong with HTTPS, session management, and security cookies, but explicit security headers and incident response information are not publicly documented. Privacy compliance is robust with a comprehensive privacy policy, cookie consent mechanisms, and GDPR considerations. Contact information is clearly provided with verified company emails and phone numbers. No critical vulnerabilities or suspicious patterns were detected. The WHOIS data is unavailable likely due to privacy protection, but the website's professionalism and trust indicators strongly support its legitimacy. Overall, IHSA's website reflects a mature, secure, and user-focused digital platform that effectively supports its mission to improve workplace health and safety in Ontario.

Detected Technologies

ASP.NETjQuery 2.1.1Google AnalyticsGoogle Tag ManagerHeap AnalyticsFacebook PixelLinkedIn Insight TagHotjarCookieYes Consent Management

🧠AI Business Intelligence

Technology stack, business insights, and market analysis powered by AI.

Business Intelligence

Market & Strategic Analysis

IHSA operates as a non-profit association serving key industrial sectors in Ontario, focusing on occupational health and safety. Its business model revolves around providing training (in-class and eLearning), consulting, certification programs (COR®, NCSO®/NHSA™), and safety products. The organization leverages partnerships with government bodies and charities to enhance its offerings and credibility. The website indicates a large organizational size with extensive reach and influence. IHSA's competitive advantage lies in its authoritative certifications, comprehensive resources, and strong government alignment. The presence of multiple social media channels and marketing tools suggests active engagement and growth orientation.

Extracted Contact Information

Marketing Intelligence Data

Email Addresses (2)

i*****@ihsa.ca

t*****@ihsa.ca

Phone Numbers (2)

180*******

Security Posture Analysis

Comprehensive Security Assessment

The website demonstrates a good security maturity level with mandatory HTTPS, session cookies, bot detection cookies (datadome, Cloudflare __cf_bm), and consent management. However, explicit security headers like Content-Security-Policy, X-Frame-Options, and others are not confirmed in the provided data and should be verified. No exposed sensitive data or vulnerable libraries were detected in the HTML content. The absence of a public security policy or incident response contact limits transparency. Privacy compliance is well addressed with GDPR considerations and cookie consent. Overall, the security posture is strong but could be enhanced by publishing security policies and implementing additional HTTP headers.

Strategic Recommendations

Priority Actions for Security Improvement

Implement and explicitly confirm security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.

✨Observations

AI-powered comprehensive website and business analysis.

AI-Enhanced Website Analysis

Business Insights

Company:

Infrastructure Health and Safety Association

Description:

IHSA is Ontario's trusted health and safety resource for the construction, transportation, electrical utilities, and aggregates industries.

Key Services:

Health and safety training (in-class, eLearning)Consulting servicesProducts related to workplace safetyCertification programs (COR®, NCSO®/NHSA™)Safety resources and campaigns

Content Quality:

excellent

Branding:

consistent

Technical Stack

Technologies:

ASP.NETjQuery 2.1.1Google AnalyticsGoogle Tag ManagerHeap AnalyticsFacebook PixelLinkedIn Insight TagHotjarCookieYes Consent Management

Frameworks:

ASP.NET WebForms

Performance:

moderate

Mobile:

good

Accessibility:

basic

SEO:

good

Security Assessment

Security Score:

85/100

Best Practices:

Use of HTTPS
Cookie consent banner with customization
No exposed sensitive data in HTML
Use of security cookies (Cloudflare __cf_bm, datadome)
Session management cookies

Analytics & Tracking

Services:

Google AnalyticsHeap AnalyticsSnowplow AnalyticsDynatraceHotjar

Tracking Level:extensive

Privacy Compliance:good

Advertising & Marketing

Ad Networks:

Google DoubleClickTwitter Ads

Tracking Pixels:

Facebook PixelLinkedIn Insight TagHeap AnalyticsHotjarSnowplow Analytics

Marketing Tools:

Heap AnalyticsHotjarCookieYes

Transparency Level:good

Website Quality Assessment

Design Quality:excellent

User Experience:good

Content Relevance:excellent

Navigation Clarity:good

Professionalism:excellent

Trustworthiness:high

Key Observations

Website is fully accessible with rich content and no blocking detected

🛡️Security Headers

HTTP security headers analysis and recommendations.

Security Headers

HTTP security headers analysis

75/100

Score

Missing Content-Security-Policy header

HIGH

Controls resources the browser is allowed to load

Missing X-XSS-Protection header

MEDIUM

Legacy XSS protection (deprecated but still recommended)

🛡️NIS2 Compliance

Network & Information Security Directive compliance assessment.

NIS2 Compliance

Network & Information Security Directive

17/100

Score

SPF

Sender Policy Framework

DKIM

DomainKeys Identified Mail

DMARC

Domain-based Message Authentication

MX Records

Mail Exchange Records

BIMI

Brand Indicators

MTA-STS

Mail Transfer Agent Security

TLS-RPT

TLS Reporting

DNSSEC

DNS Security

SPF Details

Record:

v=spf1 include:spf.protection.outlook.com -all

DNS Lookups:1/10

Policy:-all

DKIM Selectors Found

Selector:selector1(1416-bit rsa)

Selector:selector2(1416-bit rsa)

Selector:s1(1440-bit rsa)

DMARC Details

Policy:none

🏆SSL/TLS Security

Certificate validity and encryption analysis.

SSL/TLS Security

Certificate validity and encryption analysis

82/100

Score

Weak Protocols Supported

HIGH

Server supports weak protocols: TLSv1.1

Certificate Transparency Not Implemented

LOW

Certificate is not logged in Certificate Transparency logs

Partial SSL/TLS Assessment

LOW

Completed 3 of 4 security checks due to time constraints

Protocol Support

TLSv1.3TLSv1.2TLSv1.1

OCSP Status

OCSP Stapling Enabled

📊DNS Health

DNS configuration and security assessment.

DNS Health

DNS configuration and security assessment

Domain Age

16 years(mature)

Expiry Risk

none(1461 days)

Protection Level

noneDNSSEC OFF

Suspicious Indicators Detected

•No domain protection locks enabled

DNS Records

A Records:66.240.157.205

Name Servers:

ns1177.dns.dyn.com

ns2147.dns.dyn.com

ns3150.dns.dyn.com

ns4155.dns.dyn.com

MX Records:

0: ihsa-ca.mail.protection.outlook.com

SOA:Serial: 2009121376, TTL: 1800s

DNSSEC Status

DNSSEC Not Enabled

DNS Performance

Resolution Time:36ms

SPF Analysis

SPF Record:

v=spf1 include:spf.protection.outlook.com -all

⚡Network Security

Port scanning and network exposure analysis.

Network Security

Port scanning and network exposure analysis

100/100

Score

Good Network Security Posture

LOW

No unnecessary services detected on common risky ports

🔧Technical Analysis

Detailed technical findings and analysis from AI assessment.

Technical Analysis

Comprehensive security assessment findings

Additional Findings

The website is built on ASP.NET WebForms, indicating a mature but somewhat legacy technology stack. It uses jQuery 2.1.1 and integrates multiple analytics and marketing tools including Google Analytics, Heap Analytics, Hotjar, Facebook Pixel, and LinkedIn Insight Tag. The site is moderately performant with good mobile optimization and basic accessibility features. SEO is supported by proper meta tags and Open Graph data. The CMS appears custom or proprietary. Hosting provider details are not evident. There is potential technical debt due to older frameworks, but the site remains functional and professional. Opportunities exist to modernize the tech stack and improve accessibility and security headers.

How did we do?

Your feedback directly shapes our roadmap. Rate the quality of this report, leave an optional comment, and let us know if you want our security specialists to follow up.

Analyze Another Website

Is ihsa.ca a Scam? Security Check Results - Infrastructure Health and Safety Association Reviews

Is ihsa.ca Safe? Security Analysis for Infrastructure Health and Safety Association

AI Summary

Detected Technologies

🧠AI Business Intelligence

Business Intelligence

Extracted Contact Information

Email Addresses (2)

Phone Numbers (2)

Security Posture Analysis

Strategic Recommendations

✨Observations

AI-Enhanced Website Analysis

Business Insights

Technical Stack

Security Assessment

Analytics & Tracking

Advertising & Marketing

Website Quality Assessment

Key Observations

🛡️Security Headers

Security Headers

Missing Content-Security-Policy header

Missing X-XSS-Protection header

👤GDPR Compliance

GDPR Compliance

No Cookie Policy found

No Cookie Consent Banner found

No Data Protection Officer mentioned

Privacy policy may not be GDPR compliant

GDPR Compliance Analysis

🛡️NIS2 Compliance

NIS2 Compliance

No information security framework found

No vulnerability disclosure policy

No security policy documentation found

No incident response procedures found

No business continuity planning found

No security contact information

No vulnerability reporting mechanism

No NIS2 reference found

📧Email Security

Email Security

DMARC not enforcing

No DMARC reporting

No BIMI Record

No MTA-STS Policy

No TLS-RPT Record

SPF Details

DKIM Selectors Found

DMARC Details

🏆SSL/TLS Security

SSL/TLS Security

Weak Protocols Supported

Certificate Transparency Not Implemented

Partial SSL/TLS Assessment

Protocol Support

OCSP Status

📊DNS Health

DNS Health

DNSSEC Not Enabled

CAA Records Not Configured

Domain Transfer Lock Not Enabled

Domain Delete Lock Not Enabled

DMARC Policy Set to None

Domain Registration Details

DNS Records

DNSSEC Status

DNS Performance

SPF Analysis

⚡Network Security

Network Security

Good Network Security Posture

🔧Technical Analysis

Technical Analysis

Additional Findings

Related Partner Domains

threadsoflife.ca

www.theloc.ca

ihsa.learnupon.com