DNS Gurus
Open Cached · just now
77/100 SECURITY SCORE

Certificate Information

Subject
C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 OV TLS CA 2024
Valid From
May 06, 2025
Valid Until
June 07, 2026 190 days
Public Key
ECDSA 256 bit (P-256) Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
F4:DF:75:1A:8C:F5:01:8F:C0:2E:46:11:7C:41:76:A2:E0:E1:8C:71:3D:9B:B2:A4:A2:1C:B9:5A:9E:3B:F1:4E
Alternative Names
153 domains

Security Configuration

TLS Protocols
TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)
Warnings
  • TLS 1.1 is deprecated and should be disabled
  • TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Increase HSTS max-age to at least 1 year and add includeSubDomains
  • Add Content-Security-Policy header to prevent XSS attacks
  • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

153 domains
tmall.com *.tmall.com *.3w.tmall.com *.admin.tmall.com *.alihealth-1.tmall.com *.aliqin.tmall.com *.alsc.tmall.com *.argus.tmall.com *.argushsf.tmall.com *.ascp.tmall.com *.avigator.tmall.com *.axbiz.tmall.com *.bbq.tmall.com *.beta-sale.tmall.com *.bot.tmall.com *.brand-sale.tmall.com *.buy.tmall.com *.buy2.tmall.com *.carts2.tmall.com *.cbb.tmall.com *.cbbs.tmall.com *.cbs.tmall.com *.cf.tmall.com *.chatanywaylookup-coin.tmall.com *.click.tmall.com *.coach.tmall.com *.compass.tmall.com *.consultation.tmall.com *.cps.tmall.com *.cs.tmall.com *.dchain-api-proxy.tmall.com *.dchain.tmall.com *.deploy.tmall.com *.detail.tmall.com *.dian.tmall.com *.engine.tmall.com *.ews.tmall.com *.fang.tmall.com *.fans.tmall.com *.fc.tmall.com *.fenxiao.tmall.com *.fuwu.tmall.com *.gateway.tmall.com *.global.tmall.com *.gongxiao.tmall.com *.gp.tmall.com *.idestudio.tmall.com *.ifpoperate.tmall.com *.import.tmall.com *.industry-workbench.tmall.com *.insight-engine.tmall.com *.invoice.tmall.com *.iot-debug-center.tmall.com *.ipublish.tmall.com *.item.tmall.com *.jdy.tmall.com *.logadmin.tmall.com *.login.tmall.com *.lsy.tmall.com *.m.tmall.com *.machining.tmall.com *.mallx.tmall.com *.manage.tmall.com *.manager.tmall.com *.manual.tmall.com *.market.tmall.com *.mkt.tmall.com *.msc.tmall.com *.mx-pages.tmall.com *.omnichannel.tmall.com *.os.tmall.com *.platform.tmall.com *.portal.tmall.com *.pos.tmall.com *.ppxk.tmall.com *.pre-dchain-api-proxy.tmall.com *.pre-dchain-fc.tmall.com *.pre-dchain.tmall.com *.pre-industry-workbench.tmall.com *.pre-sale.tmall.com *.pre-weaver.tmall.com *.pre.tmall.com *.pre1-sale.tmall.com *.pre2-sale.tmall.com *.pre3-sale.tmall.com *.pre4-sale.tmall.com *.prepub.tmall.com *.pricing.tmall.com *.publish.tmall.com *.purchase.tmall.com *.referee.tmall.com *.retail.tmall.com *.rulecenter.tmall.com *.sale.tmall.com *.scm.tmall.com *.scp.tmall.com *.service.tmall.com *.sg.tmall.com *.simba.tmall.com *.solution.tmall.com *.ssc.tmall.com *.sso.tmall.com *.st.tmall.com *.stargate.tmall.com *.sugus.tmall.com *.supplier.tmall.com *.supply.tmall.com *.taiwan.tmall.com *.tarpapro.tmall.com *.tbbs.tmall.com *.tbmc.tmall.com *.tc-business-plan.tmall.com *.tc.tmall.com *.tcbs.tmall.com *.tcportal.tmall.com *.test.tmall.com *.tgc.tmall.com *.tmcs.tmall.com *.tmg.tmall.com *.tmyp.tmall.com *.txcs-business-plan.tmall.com *.txcs.tmall.com *.upload.tmall.com *.wangpu.tmall.com *.wapa.tmall.com *.wapatest.tmall.com *.waptest.tmall.com *.weaver.tmall.com *.world.tmall.com *.ws-insight-engine.tmall.com *.wt.tmall.com *.wuliu.tmall.com *.www.tmall.com *.ya.tmall.com showcase.display.tmall.com *.api.m.tmall.com *.deploy.cbbs.tmall.com *.goalkeeper.dian.tmall.com *.otb.cbbs.tmall.com *.planadmin.cbbs.tmall.com *.planweb.cbbs.tmall.com *.poi.compass.tmall.com *.py.tbbs.tmall.com *.qc.cbbs.tmall.com *.trade.fang.tmall.com

Other domains in certificate

*.api.m.tmall.hk *.cainiao.tmall.hk *.cps.tmall.hk *.m.tmall.hk *.simba.tmall.hk tmall.hk *.tmall.hk *.wapa.tmall.hk