Security Score: 89/100
Certificate Information
Subject: C=US, ST=New York, L=New York, O=Yahoo Holdings Inc., CN=ystore.tw
Issuer: C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
Valid From: November 18, 2025
Valid Until: May 13, 2026 (175 days)
Public Key: ECDSA, 256 bit (P-256), Adequate
Signature Algorithm: SHA256-RSA
SHA-256 Fingerprint: A8:31:3C:49:4C:F8:B0:CA:30:3E:EB:22:BE:88:A6:A7:36:08:89:AA:2D:9A:78:9B:9A:E6:6A:55:B3:58:B0:EB
Alternative Names
Security Configuration
TLS Protocols: TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3
Forward Secrecy: Supported (Modern clients use PFS)
Warnings
- TLS 1.1 is deprecated and should be disabled
- TLS 1.0 is deprecated and should be disabled
HTTP Security Headers (status and value)
Strict-Transport-Security: Present (max-age=31536000)
Content-Security-Policy: Basic (default-src; frame-src; frame-ancestors; +5 more)
default-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://img.yec.tw https://*.yimg.com https://*.yahoo.com https://*.yahooapis.com https://ecshoppingwebview https://ecstorewebview https://ecauctionwebview https://*.google.com https://*.google.com.tw https://*.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://*.criteo.com https://*.criteo.net https://*.useinsider.com https://*.scupio.com https://*.aralego.com https://*.taboola.com https://*.youtube.com https://*.doubleclick.net https://*.facebook.net https://*.facebook.com https://*.creativecdn.com https://*.gstatic.com https://guce.oath.com;frame-src 'self' https://img.yec.tw https://*.yimg.com https://*.yahoo.com https://*.tappaysdk.com https://*.google.com https://*.youtube.com https://*.criteo.com https://*.criteo.net https://*.useinsider.com https://*.scupio.com https://*.aralego.com https://*.taboola.com https://*.facebook.com https://*.creativecdn.com https://*.doubleclick.net https://www.telligentcrm.com;frame-ancestors 'self' https://*.yahoo.com;media-src https: data: blob:;font-src https: data: blob:;img-src https: data: blob:;object-src 'none';report-uri /csp-report
X-Frame-Options: Good (SAMEORIGIN)
X-Content-Type-Options: Good (nosniff)
Referrer-Policy: Good (no-referrer-when-downgrade)
Permissions-Policy: Missing (Not configured)
Recommendations
- Increase HSTS max-age to at least 1 year and add includeSubDomains
- Improve CSP by adding more specific directives and removing 'unsafe-inline'
- Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records: Not Configured (Any CA can issue certificates)
CAA Issues
- No CAA records configured - any CA can issue certificates
Recommendations
- Implement CAA records to restrict which CAs can issue certificates for your domain
- This adds an extra layer of security against unauthorized certificate issuance
- Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
87 domains
Other domains in certificate