DNS Gurus
Open Cached · just now
83/100 SECURITY SCORE

Certificate Information

Subject
C=US, ST=Minnesota, O=3M Company, CN=ecommerce-china-cdn.3m.com
Issuer
C=GB, O=Sectigo Limited, CN=Sectigo Public Server Authentication CA OV E36
Valid From
October 22, 2025
Valid Until
October 22, 2026 323 days
Public Key
ECDSA 256 bit (P-256) Adequate
Signature Algorithm
ECDSA-SHA256
SHA-256 Fingerprint
7A:9B:EF:B1:B2:5F:C4:77:51:47:65:16:50:A3:6B:01:00:AC:15:99:FE:09:5F:12:8F:25:18:41:56:03:4E:C4
Alternative Names
98 domains

Security Configuration

TLS Protocols
TLS 1.2 TLS 1.3
Forward Secrecy
Supported (Modern clients use PFS)

HTTP Security Headers

Status
Strict-Transport-Security
Good
max-age=63072000; includeSubDomains
Content-Security-Policy
Weak
frame-ancestors
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
  • Consider adding 'preload' to HSTS for maximum security
  • Significantly strengthen CSP directives
  • Add X-Content-Type-Options: nosniff
  • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
  • Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records
Not Configured (Any CA can issue certificates)
CAA Issues
  • No CAA records configured - any CA can issue certificates
Recommendations
  • Implement CAA records to restrict which CAs can issue certificates for your domain
  • This adds an extra layer of security against unauthorized certificate issuance
  • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
  • Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

98 domains
ccss.3m.com ecommerce-china-cdn.3m.com ecommerce.3m.com enl.3m.com eoc.3m.com order.3m.com

Other domains in certificate

asdmto-ct.3m.com.cn asdmto.3m.com.cn asn-ct.3m.com.cn asn-hc-ct.3m.com.cn asn-hc.3m.com.cn asn.3m.com.cn brand.3m.com.cn cecrm-ct.3m.com.cn cecrm.3m.com.cn ciam-ct.3m.com.cn ciam.3m.com.cn cms-ct.3m.com.cn cms.3m.com.cn cmsapi-ct.3m.com.cn cmsapi.3m.com.cn cmsauth-ct.3m.com.cn cmsauth.3m.com.cn cmssite-ct.3m.com.cn cmssite.3m.com.cn cnpcsm-ct.3m.com.cn cnpcsm.3m.com.cn cnvms-ct.3m.com.cn cnvms.3m.com.cn cpos-ct.3m.com.cn cpos.3m.com.cn cposdac-ct.3m.com.cn cposdac.3m.com.cn csfc-ct.3m.com.cn csfc.3m.com.cn csr-ct.3m.com.cn csr.3m.com.cn cwap-ct.3m.com.cn cwap.3m.com.cn cwapgw-ct.3m.com.cn cwapgw.3m.com.cn cwcs-ct.3m.com.cn cwcs.3m.com.cn cweftpl-ct.3m.com.cn cweftpl.3m.com.cn dam-author-ct.3m.com.cn dam-author.3m.com.cn dam-ct.3m.com.cn dam.3m.com.cn dsr-ct.3m.com.cn dsr.3m.com.cn ekaizen-ct.3m.com.cn ekaizen.3m.com.cn enl.3m.com.cn eoc.3m.com.cn eoctest.3m.com.cn esign-ct.3m.com.cn esign.3m.com.cn ewcs-ct.3m.com.cn ewcs.3m.com.cn ewcstssd-ct.3m.com.cn ewcstssd.3m.com.cn guandata.3m.com.cn hcrms-ct.3m.com.cn hcrms.3m.com.cn iamext-ct.3m.com.cn iamext.3m.com.cn lacs-ct.3m.com.cn lacs.3m.com.cn lms-ct.3m.com.cn lms.3m.com.cn moa-ct.3m.com.cn moa.3m.com.cn multimedia-ct.3m.com.cn multimedia.3m.com.cn rsms-ct.3m.com.cn rsms.3m.com.cn slp-ct.3m.com.cn slp-hc-ct.3m.com.cn slp-hc.3m.com.cn slp.3m.com.cn webapps-ct.3m.com.cn webapps.3m.com.cn wecom-ct.3m.com.cn wecom.3m.com.cn www-ct.3m.com.cn www.3m.com.cn www.command.com.cn www.futuro.com.cn www.nexcare.com.cn www.post-it.com.cn www.scotch-brite.com.cn www.scotch.com.cn www.scotchgard.com.cn wx-ct.3m.com.cn wx.3m.com.cn
www.filtrete.cn
www.nexcare.cn