SSL Certificate Analysis for gold.razer.com - Security Grade & TLS Configuration

Certificate Information

Subject

C=SG, L=Singapore, O=Razer (Asia-Pacific) Pte. Ltd., CN=gold.razer.com

Issuer

C=US, O=DigiCert Inc, CN=DigiCert Global G3 TLS ECC SHA384 2020 CA1

Valid From

December 21, 2025

Valid Until

December 22, 2026 338 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

37:00:74:5A:FD:F1:88:6C:FF:7D:8C:5E:9B:10:96:83:47:C8:FE:D9:49:CD:45:D2:80:43:40:BB:1E:7C:DC:2E

Alternative Names

61 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Excellent

max-age=31536000; includeSubDomains; preload

Content-Security-Policy

Weak

frame-ancestors

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

strict-origin-when-cross-origin

Permissions-Policy

Missing

Not configured

Recommendations

• Significantly strengthen CSP directives
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

61 domains

fortnite.razer.com gold.razer.com silver.razer.com api-distribution.gold.razer.com app-console.gold.razer.com auth-globalapi.gold.razer.com blackhawk-posa.gold.razer.com cms-partners.gold.razer.com cms.gold.razer.com console-distribution.gold.razer.com console-v2.gold.razer.com console.gold.razer.com dcb.gold.razer.com dcbgw.gold.razer.com distribution.gold.razer.com edmconsole.gold.razer.com epay-posa.gold.razer.com epic-gateway.gold.razer.com familymart-proxy.gold.razer.com global.gold.razer.com globalapi.gold.razer.com legacymerchantpayment-proxy.gold.razer.com media.gold.razer.com merchant-th.gold.razer.com merchant.gold.razer.com merchantvoucher.gold.razer.com nakha-sea.gold.razer.com partners.gold.razer.com pay.gold.razer.com pay.zgold-qa.razer.com pay.zvault.razer.com paychannel-7connect.gold.razer.com paychannel-dcb-web.gold.razer.com paychannel-ovo.gold.razer.com paychannel.gold.razer.com paychn.gold.razer.com preprod.gold.razer.com publisher-ygg.gold.razer.com redeem.gold.razer.com reportapi-distribution.gold.razer.com reseller-api-distribution.gold.razer.com reseller.gold.razer.com reward.gold.razer.com rgpin-posa.gold.razer.com rgpin.gold.razer.com sea-api.gold.razer.com sea-services.gold.razer.com sea-web.gold.razer.com shopee-proxy.gold.razer.com silver.gold.razer.com silverconsole.gold.razer.com silvermerchant.gold.razer.com spintowin.silver.razer.com topupapi.gold.razer.com voucherconsole.gold.razer.com webapi.gold.razer.com webhook.gold.razer.com webpos.gold.razer.com www.gold.razer.com zmerchant.gold.razer.com

Other domains in certificate

api.mol.com