SSL Certificate Analysis for shopping.yahoo.com - Security Grade & TLS Configuration

Open Cached · just now

89/100 SECURITY SCORE

Certificate Information

Subject

C=US, ST=New York, L=New York, O=Yahoo Holdings Inc., CN=yho.com

Issuer

C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA

Valid From

September 02, 2025

Valid Until

February 25, 2026 47 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

E4:99:95:B8:E2:8B:2F:22:28:55:5C:76:51:C5:62:8E:AE:48:AE:20:1E:3D:5C:69:67:74:CC:DF:46:EA:B5:5A

Alternative Names

100 domains

Security Configuration

TLS Protocols

TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

Warnings

• TLS 1.1 is deprecated and should be disabled
• TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Present

max-age=31536000

Content-Security-Policy

Basic

default-src; sandbox; img-src; +8 more

default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://trk.vidible.tv https://ganon.yahoo.com https://geo.yahoo.com https://api.cloudinary.com https://res.cloudinary.com https://*.amazon-adsystem.com https://geo.yahoo.com https://pbs.yahoo.com https://*.pubmatic.com https://*.adsrvr.org https://static.criteo.com https://*.casalemedia.com https://*.taboola.com https://*.rubiconproject.com https://*.openx.net https://ads.yieldmo.com http://static.yieldmo.com https://*.media.net https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://geo.yahoo.com https://ep1.adtrafficquality.google https://*.facebook.com https://*.kargo.com https://sync.kueezrtb.com https://*.mediago.io https://*.postrelease.com https://*.yellowblue.io https://*.sonobi.com https://*.lijit.com https://*.1rx.io https://*.cootlogix.com https://p.rfihub.com https://www.google.com/s2/favicons; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com https://o.aolcdn.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net https://cdn.taboola.com; connect-src 'self' https://*.engadget.com https://*.liadm.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://ap.lijit.com https://rtb.gumgum.com https://*.openx.net https://*.adtelligent.com https://htlb.casalemedia.com http://ssum-sec.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://api.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.uplynk.com https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://api.cloudinary.com https://*.media.net https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io https://s.yimg.com/oa/ https://api.privacy-center.org/v1/events https://api.privacy-center.org/v1/metrics https://api.privacy-center.org/v1/sync https://api.privacy-center.org/v1/locations https://ec.yimg.com/didomi https://guce.engadget.com/ https://guce.oath.com/ https://consent.yahoo.com/ https://i.clean.gg https://ads.yieldmo.com http://static.yieldmo.com https://*.3lift.com https://*.sharethrough.com https://*.lijit.com https://*.indexww.com https://sdk.privacy-center.org/f5623e34-377a-419c-8bb7-3928cebffbc9/ https://snippet.affilimate.io/ https://snippet.affilimatejs.com https://pub.affilimateapis.com https://pub-eu.affilimateapis.com https://api.assertcom.de https://icu.newsroom.bi/ingest.php https://tlx.3lift.com https://ads.yieldmo.com https://*.google-analytics.com https://api.alyavista.com https://*.seedtag.com https://search.yahoo.com https://connect.facebook.net https://*.facebook.com https://sync.kueezrtb.com https://exchange.kueezrtb.com https://sync.go.sonobi.com https://apex.go.sonobi https://pbs-yahoo-us.ay.delivery https://pbs-yahoo-eu.ay.delivery https://pbs-yahoo-apac.ay.delivery https://c.aps.amazon-adsystem.com https://*.amazon-adsystem.com https://*.publisher-services.amazon.dev https://vector.hereapi.com https://js.api.here.com https://browser-intake-datadoghq.com https://dataplane.rum.us-east-1.amazonaws.com https://dataplane.rum.us-west-2.amazonaws.com https://mpc-prod-16-s6uit34pua-uk.a.run.app https://hb.emxdgt.com https://prg.smartadserver.com https://reachms.bfmio.com https://targeting.unrulymedia.com https://api.vetted.ai https://api.reefpig.com https://*.rudderstack.com; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=commerce; report-to csp-endpoint;

X-Frame-Options

Good

SAMEORIGIN

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Increase HSTS max-age to at least 1 year and add includeSubDomains
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

100 domains

*.yahoo.com *.adspecs.yahoo.com *.adx.yahoo.com *.aide.yahoo.com *.aiuto.yahoo.com *.ajuda.yahoo.com *.ajutor.yahoo.com *.att.yahoo.com *.autos.yahoo.com *.ayuda.yahoo.com *.bantuan.yahoo.com *.beauty.yahoo.com *.cds.yahoo.com *.celebridades.yahoo.com *.celebrity.yahoo.com *.cine.yahoo.com *.cinema.yahoo.com *.creators.yahoo.com *.data.yahoo.com *.deportes.yahoo.com *.downloads.yahoo.com *.ec.yahoo.com *.entertainment.yahoo.com *.esports.yahoo.com *.eurosport.yahoo.com *.fantasysports.yahoo.com *.financas.yahoo.com *.finance.yahoo.com *.finanzas.yahoo.com *.finanzen.yahoo.com *.games.yahoo.com *.health.yahoo.com *.help.yahoo.com *.hilfe.yahoo.com *.kino.yahoo.com *.lifestyle.yahoo.com *.local.yahoo.com *.martech.yahoo.com *.media.yahoo.com *.mobi.yahoo.com *.mobile.yahoo.com *.movies.yahoo.com *.mujer.yahoo.com *.music.yahoo.com *.mysterio.yahoo.com *.nachrichten.yahoo.com *.news.yahoo.com *.noticias.yahoo.com *.notizie.yahoo.com *.people.yahoo.com *.pomoc.yahoo.com *.query.yahoo.com *.screen.yahoo.com *.secure.yahoo.com *.seguridad.yahoo.com *.shopping.yahoo.com *.sports.yahoo.com *.stars.yahoo.com *.style.yahoo.com *.tech.yahoo.com *.trendr.yahoo.com *.trogiup.yahoo.com *.tv.yahoo.com *.vida-estilo.yahoo.com *.video.yahoo.com *.weather.yahoo.com api.view.yahoo.com id.berita.yahoo.com tw.buy.yahoo.com ucs.netsvs.yahoo.com *.beta.finance.yahoo.com *.experiences.media.yahoo.com *.football.fantasysports.yahoo.com *.golf.fantasysports.yahoo.com *.pr.finance.yahoo.com *.tournament.fantasysports.yahoo.com

Other domains in certificate

beboundless.jp *.beboundless.jp

*.ec-horizontal-rewards.aws.oath.cloud

*.oath.com *.publishing.oath.com

maw.ouroath.com *.maw.ouroath.com

*.adshowcase.verizonmedia.com *.adspecs.verizonmedia.com *.verizonmedia.com *.www.verizonmedia.com

brb.yahoo.net enlight.yahoo.net forums.yahoo.net

*.fantasysports.yahooapis.com *.yahooapis.com

*.adshowcase.yahooinc.com *.adspecs.yahooinc.com *.adtech.yahooinc.com *.analytics.yahooinc.com *.search.yahooinc.com *.www.yahooinc.com *.yahooinc.com

yho.com