SSL Certificate Analysis for yandex.com - Security Grade & TLS Configuration

Certificate Information

Subject

C=RU, ST=Moscow, L=Moscow, O=YANDEX LLC, CN=*.yandex.tr

Issuer

C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018

Valid From

August 26, 2025

Valid Until

February 23, 2026 110 days

Public Key

ECDSA 256 bit (P-256) Adequate

Signature Algorithm

ECDSA-SHA384

SHA-256 Fingerprint

CB:F2:F4:82:42:0E:5A:DA:F9:FA:58:F7:47:D8:16:57:DF:1D:5D:62:E0:76:47:38:38:20:65:93:68:B1:24:F8

Alternative Names

52 domains

Security Configuration

TLS Protocols

TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3

Forward Secrecy

Supported (Modern clients use PFS)

Warnings

• TLS 1.1 is deprecated and should be disabled
• TLS 1.0 is deprecated and should be disabled

HTTP Security Headers

Status

Strict-Transport-Security

Missing

Not configured

Content-Security-Policy

Basic

script-src; frame-src; style-src; +8 more

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Add Strict-Transport-Security header with max-age of at least 1 year
• Improve CSP by adding more specific directives and removing 'unsafe-inline'
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

CAA Records (Certificate Authority Authorization)

CAA Records

Configured (Restricts certificate issuance)

Current Issuer

Authorized (Matches CAA policy)

Authorized CAs

globalsign.com

Wildcard CAs

globalsign.com

Recommendations

• Consider using critical flag (flags=128) for stricter CAA enforcement
• Consider adding 'iodef' records to receive notifications about unauthorized certificate issuance attempts

Subject Alternative Names

52 domains

yandex.com *.yandex.com

Other domains in certificate

yandex.co.il *.yandex.co.il

yandex.com.am *.yandex.com.am

yandex.com.ge *.yandex.com.ge

yandex.com.tr *.yandex.com.tr

xn--d1acpjx3f.xn--p1ai *.xn--d1acpjx3f.xn--p1ai

ya.ru *.ya.ru

yandex.aero *.yandex.aero

yandex.az *.yandex.az

yandex.by *.yandex.by

yandex.de *.yandex.de

yandex.ee *.yandex.ee

yandex.fr *.yandex.fr

yandex.it *.yandex.it

yandex.jobs *.yandex.jobs

yandex.kz *.yandex.kz

yandex.lt *.yandex.lt

yandex.lv *.yandex.lv

yandex.md *.yandex.md

yandex.net *.yandex.net

yandex.org *.yandex.org

yandex.ru *.yandex.ru

yandex.tj *.yandex.tj

yandex.tm *.yandex.tm

yandex.tr *.yandex.tr

yandex.uz *.yandex.uz