SSL Certificate Analysis for m.taobao.org - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for *.tbcdn.cn, *.1688.com, *.3c.tmall.com, *.alibaba.com, *.alicdn.com, *.aliexpress.com, *.alikunlun.com, *.aliqin.tmall.com, *.alitrip.com, not for m.taobao.org

Open Cached · just now

75/100 SECURITY SCORE

Certificate Information

Subject

C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tbcdn.cn

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 OV TLS CA 2024

Valid From

November 28, 2025

Valid Until

July 18, 2026 187 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2

Alternative Names

74 domains

Security Configuration

TLS Protocols

TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

Warnings

• TLS 1.1 is deprecated and should be disabled
• TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

74 domains

1688.com *.1688.com *.m.1688.com

alibaba.com *.alibaba.com *.m.alibaba.com

alicdn.com *.alicdn.com

aliexpress.com *.aliexpress.com

*.lw.aliimg.com

alikunlun.com *.alikunlun.com

alitrip.com *.alitrip.com *.m.alitrip.com

aliyun.com *.aliyun.com

cainiao.com *.cainiao.com *.m.cainiao.com

cainiao.com.cn *.cainiao.com.cn

dingtalk.com *.dingtalk.com

etao.com *.etao.com *.m.etao.com

feizhu.cn *.feizhu.cn

feizhu.com *.feizhu.com

fliggy.com *.fliggy.com

fliggy.hk *.fliggy.hk

cmos.greencompute.org *.cmos.greencompute.org

juhuasuan.com *.juhuasuan.com

mei.com *.mei.com

*.chi.taobao.com *.china.taobao.com cloudvideocdn.taobao.com *.cloudvideocdn.taobao.com *.django.t.taobao.com *.jia.taobao.com *.ju.taobao.com m.intl.taobao.com *.m.taobao.com taobao.com *.taobao.com *.trip.taobao.com

*.m.taopiaopiao.com taopiaopiao.com *.taopiaopiao.com

*.mobgslb.tbcache.com *.tbcache.com

tbcdn.cn *.tbcdn.cn

*.3c.tmall.com *.aliqin.tmall.com *.chi.tmall.com *.food.tmall.com *.jia.tmall.com *.m.tmall.com tmall.com *.tmall.com

*.m.tmall.hk tmall.hk *.tmall.hk

xiami.com *.xiami.com