91/100
SECURITY SCORE
Certificate Information
Subject
C=US, ST=New York, L=New York, O=Yahoo Holdings Inc., CN=*.www.yahoo.com
Issuer
C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
Valid From
November 14, 2025
Valid Until
December 31, 2025
38 days
Public Key
ECDSA
256 bit
(P-256)
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
42:0A:6D:FC:6E:F2:ED:37:DC:81:D6:A6:D4:C8:FD:75:3D:3F:C0:2F:12:A4:03:29:BE:CD:85:14:43:F8:50:C3
Alternative Names
Security Configuration
TLS Protocols
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
Warnings
- TLS 1.1 is deprecated and should be disabled
- TLS 1.0 is deprecated and should be disabled
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Basic
connect-src; default-src; font-src; +12 more
X-Frame-Options
Good
SAMEORIGIN
X-Content-Type-Options
Good
nosniff
Referrer-Policy
Good
no-referrer-when-downgrade
Permissions-Policy
Present
interest-cohort=()
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
85 domains
Other domains in certificate