DNS Gurus
Open Cached · just now
85/100 SECURITY SCORE

Certificate Information

Subject
C=US, ST=New York, L=New York, O=Yahoo Holdings Inc., CN=src2.yahoo.com
Issuer
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
Valid From
October 14, 2025
Valid Until
April 08, 2026 148 days
Public Key
ECDSA 256 bit (P-256) Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
C8:D9:A4:F7:3D:30:AE:6E:E0:D2:05:DB:82:F1:2E:EC:81:AE:29:BF:76:D7:61:CC:80:39:27:BF:CB:EB:6B:91
Alternative Names
78 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Weak
frame-ancestors; sandbox; report-uri
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Significantly strengthen CSP directives
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

78 domains
src2.yahoo.com *.adspecs.yahoo.com *.answers.yahoo.com *.att.yahoo.com *.autos.yahoo.com *.beauty.yahoo.com *.careers.yahoo.com *.celebridades.yahoo.com *.celebrity.yahoo.com *.cine.yahoo.com *.cinema.yahoo.com *.corp.yahoo.com *.deportes.yahoo.com *.entertainment.yahoo.com *.esports.yahoo.com *.eurosport.yahoo.com *.everything.yahoo.com *.fantasysports.yahoo.com *.finance.yahoo.com *.finanzas.yahoo.com *.finanzen.yahoo.com *.food.yahoo.com *.games.yahoo.com *.help.yahoo.com *.intheknow.yahoo.com *.kino.yahoo.com *.lifestyle.yahoo.com *.live.yahoo.com *.media.yahoo.com *.mobile.yahoo.com *.money.yahoo.com *.movies.yahoo.com *.mujer.yahoo.com *.music.yahoo.com *.news.yahoo.com *.noticias.yahoo.com *.notizie.yahoo.com *.omg.yahoo.com *.ontheroad.yahoo.com *.people.yahoo.com *.productcentral.yahoo.com *.safely.yahoo.com *.screen.yahoo.com *.search.yahoo.com *.secure.yahoo.com *.seguridad.yahoo.com *.shine.yahoo.com *.shopping.yahoo.com *.software.yahoo.com *.sport.yahoo.com *.sports.yahoo.com *.stars.yahoo.com *.store.yahoo.com *.style.yahoo.com *.subscriptions.yahoo.com *.travel.yahoo.com *.tv.yahoo.com *.vida-estilo.yahoo.com *.video.yahoo.com *.weather.yahoo.com *.answers.search.yahoo.com *.dns.ops.yahoo.com *.knowledge.search.yahoo.com *.me.advertising.yahoo.com *.recipes.search.yahoo.com *.shopping.search.yahoo.com *.vespa.corp.yahoo.com

Other domains in certificate

*.toshiba.aol.ca
*.main.welcomescreen.aol.com *.sb.welcomescreen.aol.com
*.buy.yahoo.com.tw
*.mail.makers.com
*.sh3bwah.maktoob.com
*.paranoids.ouroath.com
*.adshowcase.verizonmedia.com *.adspecs.verizonmedia.com
*.studios.vzbuilders.com
*.adshowcase.yahooinc.com