SSL Certificate Analysis for mx.vk.com - Security Grade & TLS Configuration

SSL Verification Bypassed

The server's SSL certificate could not be verified. The analysis was completed using insecure mode. Data may be less reliable.

Reason:

Hostname Mismatch - certificate is issued for *.mvk.com, vktickets.com, cs7777.vk.com, cs7777.vk.ru, *.vktickets.com, *.cs7777.vk.com, *.api.cs7777.vk.com, *.admin.cs7777.vk.com, *.m.cs7777.vk.com, not for mx.vk.com

Open Cached · just now

73/100 SECURITY SCORE

Certificate Information

Subject

C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.mvk.com

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018

Valid From

February 19, 2025

Valid Until

March 11, 2026 43 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

F1:E2:1A:5E:15:0B:70:7A:96:7C:02:28:E1:03:B0:B8:6A:30:52:C7:62:46:D4:A2:AA:FD:19:C6:05:B4:30:15

Alternative Names

41 domains

Security Configuration

TLS Protocols

TLS 1.2

Forward Secrecy

Limited (Check cipher configuration)

Warnings

• TLS 1.3 is not supported (recommended)

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Missing

Not configured

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Missing

Not configured

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Add Content-Security-Policy header to prevent XSS attacks
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add X-Content-Type-Options: nosniff
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

41 domains

mvk.com *.mvk.com cs7777.vk.com storage.mvk.com *.cs7777.vk.com *.pfm.mvk.com *.s3.mvk.com *.storage-stage.mvk.com *.storage.mvk.com s3.storage-stage.mvk.com *.admin.cs7777.vk.com *.api.cs7777.vk.com *.away.cs7777.vk.com *.dev.cs7777.vk.com *.id.cs7777.vk.com *.login.cs7777.vk.com *.m.cs7777.vk.com *.me.cs7777.vk.com *.ms.cs7777.vk.com *.oauth.cs7777.vk.com *.s3.storage-stage.mvk.com *.ui.cs7777.vk.com *.vkvideo.cs7777.vk.com *.m.vkvideo.cs7777.vk.com

Other domains in certificate

*.admin.cs7777.vk.ru *.api.cs7777.vk.ru *.away.cs7777.vk.ru cs7777.vk.ru *.cs7777.vk.ru *.dev.cs7777.vk.ru *.id.cs7777.vk.ru *.login.cs7777.vk.ru *.m.cs7777.vk.ru *.m.vkvideo.cs7777.vk.ru *.me.cs7777.vk.ru *.ms.cs7777.vk.ru *.oauth.cs7777.vk.ru *.ui.cs7777.vk.ru *.vkvideo.cs7777.vk.ru

vktickets.com *.vktickets.com