SSL Certificate Analysis for e12404.x.akamaiedge.net - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for prod.wal.co, w8.wal.co, w7.wal.co, w6.wal.co, w5.wal.co, w4.wal.co, w3.wal.co, w2.wal.co, w1.wal.co, not for e12404.x.akamaiedge.net

Open Cached · just now

68/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=Arkansas, L=Bentonville, O=Walmart Inc., CN=prod.wal.co

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018

Valid From

March 26, 2025

Valid Until

April 27, 2026 146 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

41:89:BA:40:1B:8B:9B:3D:53:A2:F7:BC:F5:CF:BE:E2:F8:FD:EC:B3:33:E1:47:1C:8C:1C:96:00:C7:88:CC:41

Alternative Names

92 domains

Security Configuration

TLS Protocols

TLS 1.0 TLS 1.1 TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)
• TLS 1.1 is deprecated and should be disabled
• TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

92 domains

test-1.ak-wal.co

test-1.az-wal.co

test-1.cf-wal.co

test-1.ns1-wal.co

test-1.ultradns-wal.co

a.wal.co a0.wal.co a1.wal.co a10.wal.co a11.wal.co a12.wal.co a13.wal.co a14.wal.co a15.wal.co a16.wal.co a17.wal.co a18.wal.co a19.wal.co a2.wal.co a20.wal.co a3.wal.co a4.wal.co a5.wal.co a6.wal.co a7.wal.co a8.wal.co a9.wal.co ak-asda-dyn.wal.co ak-asda.wal.co ak-br-dyn.wal.co ak-br.wal.co ak-ca-dyn.wal.co ak-ca.wal.co ak-hayneedle-dyn.wal.co ak-hayneedle.wal.co ak-jet.wal.co ak-modcloth-dyn.wal.co ak-modcloth.wal.co ak-sams-dyn.wal.co ak-sams.wal.co ak-us-dyn.wal.co ak-us.wal.co ak-usgr-dyn.wal.co ak-usgr.wal.co b.wal.co i.wal.co i0.wal.co i1.wal.co i2.wal.co i3.wal.co i4.wal.co i5-opt-pulsar.wal.co i5-opt-v0.wal.co i5-opt-v1.wal.co i5.wal.co i6.wal.co i7.wal.co i8.wal.co i9.wal.co prod.wal.co quic.wal.co r.wal.co t.wal.co t0.wal.co t1.wal.co t10.wal.co t11.wal.co t12.wal.co t13.wal.co t14.wal.co t15.wal.co t2.wal.co t3.wal.co t4.wal.co t5.wal.co t6.wal.co t7.wal.co t8.wal.co t9.wal.co w.wal.co w0.wal.co w1.wal.co w2.wal.co w3.wal.co w4.wal.co w5.wal.co w6.wal.co w7.wal.co w8.wal.co w9.wal.co wal.co www.wal.co