SSL Certificate Analysis for mw.alibaba-inc.com - Security Grade & TLS Configuration | DNS Gurus

Open Cached · just now

77/100 SECURITY SCORE

Certificate Information

Subject

C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alibaba-inc.com

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 OV TLS CA 2024

Valid From

September 24, 2025

Valid Until

August 30, 2026 280 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

DC:F2:A7:31:E5:40:22:F5:3D:76:2D:71:7E:B2:09:E6:07:FC:3A:94:CA:19:0A:46:54:EA:BF:12:A2:F8:D0:48

Alternative Names

Security Configuration

TLS Protocols

TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

Warnings

• TLS 1.1 is deprecated and should be disabled
• TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

117 domains

alibaba-inc.com *.alibaba-inc.com *.183e.alibaba-inc.com *.ab.alibaba-inc.com *.adcinst.alibaba-inc.com *.agent.alibaba-inc.com *.aicoding.alibaba-inc.com *.aione.alibaba-inc.com *.alicom-ops.alibaba-inc.com *.aliyun-region-vpc-ap-southeast-1-mw-mcp-internal.alibaba-inc.com *.aliyun-region-vpc-ap-southeast-1-mw-mcp.alibaba-inc.com *.anpm.alibaba-inc.com *.aone-agent.alibaba-inc.com *.aoneagent.alibaba-inc.com *.api-mw-inner.alibaba-inc.com *.api-mw.alibaba-inc.com *.asi-service-inspection.alibaba-inc.com *.atunnel.alibaba-inc.com *.cg.alibaba-inc.com *.cloud-ide-aws.alibaba-inc.com *.cloud-ide-hz-damo.alibaba-inc.com *.cloud-ide-qh-damo.alibaba-inc.com *.cn-zhangbei-center-ha3.alibaba-inc.com *.coc.alibaba-inc.com *.cpo.alibaba-inc.com *.crowork.alibaba-inc.com *.csb-broker-cn-zhangjiakou.alibaba-inc.com *.csb-broker.alibaba-inc.com *.daraz-workstation.alibaba-inc.com *.data-engine.alibaba-inc.com *.dmsp.alibaba-inc.com *.dt-fc.alibaba-inc.com *.dualstack.alibaba-inc.com *.emulation.alibaba-inc.com *.fn.alibaba-inc.com *.function-cn-internal.alibaba-inc.com *.h.alibaba-inc.com *.hdfs-storm-nimbus.alibaba-inc.com *.hosting.alibaba-inc.com *.ide-tmap3-ea133.alibaba-inc.com *.industry-workbench.alibaba-inc.com *.io.alibaba-inc.com *.jdbc.alibaba-inc.com *.jubao.alibaba-inc.com *.linglong.alibaba-inc.com *.lumos.alibaba-inc.com *.m-ds.alibaba-inc.com *.mixteam.alibaba-inc.com *.mlflow-ide.alibaba-inc.com *.mmcops.alibaba-inc.com *.net.alibaba-inc.com *.npm.alibaba-inc.com *.odps-storm-nimbus.alibaba-inc.com *.opensearch-inru.alibaba-inc.com *.opur.alibaba-inc.com *.ossproxy.alibaba-inc.com *.paasbase.alibaba-inc.com *.pai-aidc-test.alibaba-inc.com *.pai-aidc.alibaba-inc.com *.pai-damo.alibaba-inc.com *.pre-ai.alibaba-inc.com *.pre-aliyun-region-vpc-ap-southeast-1-mw-mcp.alibaba-inc.com *.pre-aoneagent.alibaba-inc.com *.pre-api-mw.alibaba-inc.com *.pre-atunnel.alibaba-inc.com *.pre-builder.alibaba-inc.com *.pre-cestlavie.alibaba-inc.com *.pre-cros.alibaba-inc.com *.pre-csp-site-test.alibaba-inc.com *.pre-daraz-workstation.alibaba-inc.com *.pre-dev2-hosting.alibaba-inc.com *.pre-faas.alibaba-inc.com *.pre-fn.alibaba-inc.com *.pre-hosting.alibaba-inc.com *.pre-industry-workbench.alibaba-inc.com *.pre-linglong.alibaba-inc.com *.pre-mikey.alibaba-inc.com *.pre-mixteam.alibaba-inc.com *.pre-mw-mcp.alibaba-inc.com *.pre-qfc.alibaba-inc.com *.pre-s-app.alibaba-inc.com *.pre-sandbox.alibaba-inc.com *.pre-x-dep.alibaba-inc.com *.pre-x-dsp.alibaba-inc.com *.pre-xinliu.alibaba-inc.com *.preadcinst.alibaba-inc.com *.qfc.alibaba-inc.com *.qxz-webide.alibaba-inc.com *.rc.alibaba-inc.com *.rds.alibaba-inc.com *.s-app.alibaba-inc.com *.sandbox.alibaba-inc.com *.sh-aigw-main-tt-common-internal.alibaba-inc.com *.sh-mw-mcp-internal.alibaba-inc.com *.sh-mw-mcp-office.alibaba-inc.com *.sh-mw-mcp.alibaba-inc.com *.stars-sgvpc-pre.alibaba-inc.com *.stars-sgvpc.alibaba-inc.com *.tao-finance.alibaba-inc.com *.tisplus.alibaba-inc.com *.universe.alibaba-inc.com *.vectordb-pre.alibaba-inc.com *.webide-b.alibaba-inc.com *.webide-ea119.alibaba-inc.com *.webide.alibaba-inc.com *.x-dep.alibaba-inc.com *.x-dsp.alibaba-inc.com *.xinliu.alibaba-inc.com *.xo.alibaba-inc.com *.ygg.alibaba-inc.com *.zyd-ha.alibaba-inc.com test.aliyun.alibaba-inc.com *.ap-southeast-1-internal.ha-work.alibaba-inc.com *.cn-zhangbei-center.ha-work.alibaba-inc.com *.ide-paib.dsight.alibaba-inc.com *.pre-page.idealab.alibaba-inc.com *.preview.pre-xinliu.alibaba-inc.com