SSL Certificate Analysis for static.yandex.sx - Security Grade & TLS Configuration

Open Cached · just now

87/100 SECURITY SCORE

Certificate Information

Subject

C=RU, ST=Moscow, L=Moscow, O=YANDEX LLC, CN=*.yastatic-net.ru

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018

Valid From

November 05, 2025

Valid Until

May 05, 2026 118 days

Public Key

RSA 2048 bit Adequate

Signature Algorithm

SHA256-RSA

SHA-256 Fingerprint

49:88:7B:7E:11:ED:24:22:87:2A:1A:23:E1:D6:37:AC:5C:14:DC:32:A8:13:3F:ED:35:6B:B8:E4:BB:8D:36:E4

Alternative Names

21 domains

Security Configuration

TLS Protocols

TLS 1.0 TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

Warnings

• TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

default-src; script-src; style-src; +11 more

default-src 'none'; script-src 'self' blob: 'nonce-FXxKTwWGkyVwV10a5cxfT4oE' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.s3.yandex.net lpc.s3.mdst.yandex.net yandex.st banners.adfox.ru content.adfox.ru *.ya.ru; font-src 'self' data: yandex.ru an.yandex.ru *.s3.yandex.net yastatic.net yastat.net *.yandex.ru *.ya.ru; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: turbopages.org *.turbopages.org yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com https://vk.com/video_ext.php https://login.vk.com embed.megogo.net coub.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net banners.adfox.ru meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.rs *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.rs ya.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; connect-src 'self' blob: yandexmetrica.com:* mc.admetrica.ru yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru yandex.st milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com *.yango.com ads.adfox.ru ads6.adfox.ru ya.ru *.ya.ru dev.introvert.bz; form-action https://*; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net *.yandex-team.ru; object-src yastatic.net; report-uri https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=undefined&yandexuid=5887425931767744074; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net yandex.rs *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net *.yandex.rs ya.ru *.ya.ru;

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Good

no-referrer-when-downgrade

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Not Configured (Any CA can issue certificates)

CAA Issues

• No CAA records configured - any CA can issue certificates

Recommendations

• Implement CAA records to restrict which CAs can issue certificates for your domain
• This adds an extra layer of security against unauthorized certificate issuance
• Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
• Consider adding 'iodef' record to receive security incident reports

Subject Alternative Names

21 domains

static.yandex.sx

Other domains in certificate

css.yandex.net img-css.friends.yandex.net img.yandex.net imgl.yandex.net js.static.yandex.net lego.static.yandex.net site.yandex.net static.yandex.net

css.yandex.ru img.yandex.ru

i.yandex.st static.yandex.st www.yandex.st yandex.st

yastat.net *.yastat.net

yastatic-net.ru *.yastatic-net.ru

yastatic.net *.yastatic.net