SSL Verification Bypassed
The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.
Reason:
Hostname Mismatch - certificate is issued for *.tbcdn.cn, *.1688.com, *.3c.tmall.com, *.alibaba.com, *.alicdn.com, *.aliexpress.com, *.alikunlun.com, *.aliqin.tmall.com, *.alitrip.com, not for damai.taobao.org
Open
Cached
·
just now
75/100
SECURITY SCORE
Certificate Information
Subject
C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tbcdn.cn
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 OV TLS CA 2024
Valid From
June 16, 2025
Valid Until
July 18, 2026
235 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
3D:49:49:78:42:46:FF:F7:52:9B:6B:82:DF:7E:54:4B:F9:BA:D8:34:14:1D:21:67:63:4E:5B:62:A1:D8:85:B5
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Missing
Not configured
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Add Strict-Transport-Security header with max-age of at least 1 year
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
74 domains
1688.com
*.1688.com
alibaba.com
*.alibaba.com
*.m.alibaba.com
alicdn.com
*.alicdn.com
aliexpress.com
*.aliexpress.com
*.lw.aliimg.com
alikunlun.com
*.alikunlun.com
alitrip.com
*.alitrip.com
*.m.alitrip.com
aliyun.com
*.aliyun.com
cainiao.com
*.cainiao.com
*.m.cainiao.com
cainiao.com.cn
*.cainiao.com.cn
dingtalk.com
*.dingtalk.com
etao.com
*.etao.com
*.m.etao.com
feizhu.cn
*.feizhu.cn
feizhu.com
*.feizhu.com
fliggy.com
*.fliggy.com
fliggy.hk
*.fliggy.hk
cmos.greencompute.org
*.cmos.greencompute.org
juhuasuan.com
*.juhuasuan.com
*.m.1688.com
mei.com
*.mei.com
*.chi.taobao.com
*.china.taobao.com
cloudvideocdn.taobao.com
*.cloudvideocdn.taobao.com
*.django.t.taobao.com
*.jia.taobao.com
*.ju.taobao.com
m.intl.taobao.com
*.m.taobao.com
taobao.com
*.taobao.com
*.trip.taobao.com
*.m.taopiaopiao.com
taopiaopiao.com
*.taopiaopiao.com
*.mobgslb.tbcache.com
*.tbcache.com
tbcdn.cn
*.tbcdn.cn
*.3c.tmall.com
*.aliqin.tmall.com
*.chi.tmall.com
*.food.tmall.com
*.jia.tmall.com
*.m.tmall.com
tmall.com
*.tmall.com
*.m.tmall.hk
tmall.hk
*.tmall.hk
xiami.com
*.xiami.com