SSL Certificate Analysis for ho-tracker.walmart.com - Security Grade & TLS Configuration

Certificate Information

Subject

C=US, ST=Arkansas, L=Bentonville, O=Walmart Inc., CN=fa-prod2.walmart.com

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018

Valid From

October 23, 2025

Valid Until

November 24, 2026 330 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

81:A7:F2:7C:79:60:EB:9B:9A:2E:E8:30:EA:2A:21:81:41:2F:C8:EB:A6:43:1B:77:9F:8C:D1:15:0D:12:E2:D7

Alternative Names

49 domains

Security Configuration

TLS Protocols

TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Present

origin

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

49 domains

walmart.com advertising.walmart.com ai.walmart.com aroptical-app-hub.walmart.com aroptical-scan.walmart.com aroptical-wasm.walmart.com careers.walmart.com cgw.walmart.com cp.walmart.com ewaltex.walmart.com fa-prod2.walmart.com ho-tracker.walmart.com identity.walmart.com insights.walmart.com interviewing.walmart.com mfaas-static.walmart.com my.walmart.com ocppserver.walmart.com ol-middleware.walmart.com onesource-gateway.walmart.com onesource.walmart.com solutionsv1.walmart.com speedy.walmart.com wallet.walmart.com wcsportal.walmart.com a.www.walmart.com b.affil.walmart.com b.affiliates.walmart.com b.hermes.walmart.com b.identity.walmart.com b.omnitran.walmart.com b.super.walmart.com bp.www.walmart.com careers.preview.walmart.com chat-connector-byoc.prod.walmart.com collect.defenderx.walmart.com enforce.defenderx.walmart.com sa-webhook-collector.prod.walmart.com wallet.business.walmart.com wallet.www.walmart.com wls.transporatation.walmart.com www.arnextgen-storage.walmart.com b.wallet.business.walmart.com b.wallet.www.walmart.com cpay-wrapper-pci.cc-core-project-pci.prod.walmart.com people.api.prod.walmart.com b.native-checkout.prod.affiliates.walmart.com

Other domains in certificate

clicks.scintilla.com

iptsupplier-gw.wal-mart.com