SSL Certificate Analysis for cms.gold.razer.com - Security Grade & TLS Configuration

Certificate Information

Subject

C=SG, L=Singapore, O=Razer (Asia-Pacific) Pte. Ltd., CN=gold.razer.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1

Valid From

January 26, 2026

Valid Until

December 22, 2026 321 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

2E:15:07:82:03:79:0E:D7:C5:C0:E9:2D:E9:D3:4D:88:89:15:EA:DB:26:EC:6F:37:77:F0:10:73:9E:BF:2C:59

Alternative Names

62 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

62 domains

fortnite.razer.com gold.razer.com silver.razer.com api-distribution.gold.razer.com app-console.gold.razer.com auth-globalapi.gold.razer.com blackhawk-posa.gold.razer.com cms-partners.gold.razer.com cms.gold.razer.com console-distribution.gold.razer.com console-v2.gold.razer.com console.gold.razer.com dcb.gold.razer.com dcbgw.gold.razer.com distribution.gold.razer.com edmconsole.gold.razer.com epay-posa.gold.razer.com epic-gateway.gold.razer.com familymart-proxy.gold.razer.com global.gold.razer.com globalapi.gold.razer.com legacymerchantpayment-proxy.gold.razer.com media.gold.razer.com merchant-th.gold.razer.com merchant.gold.razer.com merchantvoucher.gold.razer.com nakha-sea.gold.razer.com partners.gold.razer.com pay.gold.razer.com pay.zgold-qa.razer.com pay.zvault.razer.com paychannel-7connect.gold.razer.com paychannel-dcb-web.gold.razer.com paychannel-ovo.gold.razer.com paychannel.gold.razer.com paychn.gold.razer.com preprod.gold.razer.com publisher-ygg.gold.razer.com redeem.gold.razer.com reportapi-distribution.gold.razer.com reseller-api-distribution.gold.razer.com reseller.gold.razer.com reward.gold.razer.com rgpin-posa.gold.razer.com rgpin.gold.razer.com sea-api.gold.razer.com sea-services.gold.razer.com sea-web.gold.razer.com shopee-proxy.gold.razer.com silver.gold.razer.com silverconsole.gold.razer.com silvermerchant.gold.razer.com silverwallet.gold.razer.com spintowin.silver.razer.com topupapi.gold.razer.com voucherconsole.gold.razer.com webapi.gold.razer.com webhook.gold.razer.com webpos.gold.razer.com www.gold.razer.com zmerchant.gold.razer.com

Other domains in certificate

api.mol.com