Open
Cached
·
25m ago
77/100
SECURITY SCORE
Certificate Information
Subject
C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=tfe.alibaba.com
Issuer
C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 OV TLS CA 2024
Valid From
November 14, 2025
Valid Until
January 05, 2026
39 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
4D:F6:5F:9B:8C:4B:16:96:9F:74:77:51:99:20:BA:59:AA:7A:FE:02:AD:F4:4D:A6:BE:CF:93:27:7B:4E:CB:B0
Alternative Names
Security Configuration
TLS Protocols
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
Warnings
- • TLS 1.1 is deprecated and should be disabled
- • TLS 1.0 is deprecated and should be disabled
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31536000
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
197 domains
*.cainiao.com
gfn.cainiao.com
*.aps.cainiao.com
*.cnstr.cainiao.com
*.dpark.cainiao.com
*.dwms.cainiao.com
*.gfn.cainiao.com
*.iot.cainiao.com
*.saas.cainiao.com
*.sto.cainiao.com
*.tmsy.cainiao.com
*.wmp.cainiao.com
*.wt.cainiao.com
*.xpm.cainiao.com
*.cpaas.wmp.cainiao.com
*.crm.xpm.cainiao.com
*.edi-pre.xpm.cainiao.com
*.mcs.xpm.cainiao.com
*.11222.cn
56xiniao.com
*.56xiniao.com
*.9game.cn
*.bbs.9game.cn
*.test.9game.cn
*.alibaba-inc.com
*.alibaba.com
*.dayu.alibaba.com
tfe.alibaba.com
*.alibabadoctor.com
*.aligames.com
*.alihealth.cn
*.alihive.com
*.alios.cn
*.alisports.com
*.aliwx.net
*.aliyun-inc.com
*.aliyun.com
*.bi.aliyun.com
*.aliyuncs.com
*.aliyunidaas.com
*.api.aliyunidaas.com
*.daily.aliyunidaas.com
*.dev.aliyunidaas.com
*.login-dev.aliyunidaas.com
*.login.aliyunidaas.com
biubiu001.com
*.biubiu001.com
*.ckticket.cn
cloud-idaas.com
*.cloud-idaas.com
*.cnzz.com
*.alihealth.com.cn
*.aliwx.com.cn
*.reos.com.cn
*.reyijuuc.com.cn
*.ucreyiju.com.cn
*.ucryj.com.cn
*.coolnetu.cn
*.coolnetu.com
*.coolu.net
*.cualiweb.com
*.2019fbwc.damai.cn
*.api.damai.cn
*.cfs.damai.cn
*.damai.cn
*.en.damai.cn
*.jp.damai.cn
*.m.damai.cn
*.pj.damai.cn
*.seat.damai.cn
*.trade.damai.cn
*.business.danniao.com
*.danniao.com
*.dingtalk.danniao.com
*.hr.danniao.com
*.mcs.danniao.com
dianwoda.cn
*.dianwoda.cn
*.dianwoda.com
*.dingtalk.com
*.service.dingtalk.com
*.xding-xixish.dingtalk.com
*.dingtalkapps.com
gbdaihxk.eapps.dingtalkapps.com
dingtalkcloud.com
*.dingtalkcloud.com
*.eapps.dingtalkcloud.com
*.effirst.com
*.ejoy.com
*.kun-hk-sit.ejoy.com
*.kun-hk.ejoy.com
*.kun-sg.ejoy.com
*.kun-sit.ejoy.com
*.kun-sz-sit.ejoy.com
*.kun-sz.ejoy.com
*.kun.ejoy.com
*.mid-test.ejoy.com
*.mid.ejoy.com
*.ele.me
*.faas.ele.me
*.shop.ele.me
*.star.ele.me
*.test.ele.me
*.eleme.cn
*.shop.eleme.cn
*.alpha.elenet.me
*.daily.elenet.me
*.elenet.me
*.faas.alpha.elenet.me
*.test.alpha.elenet.me
*.test.elenet.me
*.ewtp.com
ffl-tech.com
*.ffl-tech.com
*.ishuqi.com
*.iyunzhi.com
*.fend.jiaoyimao.cn
*.jiaoyimao.cn
*.pl.jiaoyimao.cn
*.super.jiaoyimao.cn
*.kangkanglu.com
*.lingxigames.com
*.auth.lydaas.com
*.bp-apaas.lydaas.com
*.data-portal.lydaas.com
*.jycm.lydaas.com
*.lydaas.com
*.quickcem.lydaas.com
*.test.jycm.lydaas.com
*.maitix.com
*.des.m.mappcloud.com
*.m.mappcloud.com
*.miaostreet.com
*.mypiao.com
*.wx.mypiao.com
*.mytongyi.com
*.pp.cn
qianwen.com
*.qianwen.com
qingxunapp.com
*.qookkagames.com
*.quark.cn
*.rajax-inc.com
*.rajax.me
*.alpha.redmart.com
redmart.com
*.redmart.com
*.reos.group
*.reyijuuc.cn
*.reyijuuc.com
shenma-inc.com
shuqi.com
*.shuqi.com
*.shuqiapi.com
*.shuqiread.com
*.api.shuqireader.com
*.shuqireader.com
sm-tc.cn
*.sm-tc.cn
*.sm.cn
*.sqreader.com
*.taobao.com
*.taobao.org
tburl.in
*.tburl.in
teambition.com
*.teambition.com
teambition.net
*.teambition.net
teambitionapis.com
*.teambitionapis.com
tjnewsk.com
tongyi.com
*.tongyi.com
transcode.cn
*.transcode.cn
*.ubibibi.com
*.open.uc.cn
*.uc.cn
*.ucreyiju.cn
*.ucreyiju.com
*.ucreyiju.net
*.ucryj.cn
*.ucryj.com
*.ucweb.com
*.daily.xpmeng.com
*.xpmeng.com
*.yuekeyun.com
*.bap-baseprod.zacz.cn
*.m-standard-dev-epoch.zacz.cn
*.standard-dev-epoch.zacz.cn
*.standard-mtd1.zacz.cn
*.standard-mtd2.zacz.cn
*.standarddemo2.zacz.cn
*.zacz.cn
zhiyuliao.com
*.zhiyuliao.com
Other domains in certificate