HTTPS Readiness test

Input

Check here if your site complies with the HTTPS best practices

Domain analysis: www.yahoo.com

  • Always redirect to same domain https://www.yahoo.com (BEST PRACTICE!)
  • IP addresses: 87.248.116.11, 87.248.116.12

    • Certificate details

  • This wildcard SSL Certificate was created for *.fantasysports.yahoo.com and is also valid for www.yahoo.com
  • Certificate issued by DigiCert Inc, of type DigiCert SHA2 High Assurance Server CA
  • Certificate start date: Apr 2 00:00:00 2024 GMT
  • Certificate expiration: May 22 23:59:59 2024 GMT (in 33 days)
  • Certificate validity period: 51 days (probably automated renewal)
  • Encryption algorithm: TLSv1.3 / TLS_AES_128_GCM_SHA256
    • More certificate details?
  • SSL Labs: get more detailed HTTPS report
  • Mozilla Observatory: get more detailed HTTPS report

    • HTTPS Headers

  • Missing HTTP header x-frame-options - 1
  • HTTP header content-security-policy is wrong - 1
    sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage®ion=US&lang=en-US&device=desktop&yrid=6jdd8qtj271d5&partner=; frame-ancestors 'self' https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.search.aol.com https://*.search.huffpost.com htts://*.verizonmedia.com https://*.publishing.oath.com
  • HTTP header x-xss-protection is OK - 1
  • HTTP header strict-transport-security (HSTS) is OK (12 months valid)

    • Content details

  • Mixed content: this page uses insecure content from csp

    • How to get https for your site

    References