What is the security rating for aetna.com?

aetna.com has a security posture score of 80/100 (Pass) based on 8 passive checks covering TLS, DMARC, headers, breaches, CVEs, DNS, and certificates. Scanned February 15, 2026.

aetna.com meets LynxRadar's threshold with 80/100. 6 passed, 1 warnings, 1 failures.

Pass

aetna.com

Item: aetna.com
Rating: 80
Author: LynxRadar

Security posture assessment · Scanned February 15, 2026

Findings

6 · 1 · 1

Checks

8 passive

Executive Summary AI-GENERATED

aetna.com scored 80/100, demonstrating a strong security posture. Minor improvements are noted below.

Critical gaps in: Security Headers. Positive signals: Known Breaches, DMARC / Email Security, DNS Configuration all passed.

2 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.

Action Items

Ordered by priority · 2 items

Add missing security headers (CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy)

Effort: 1–2 hours Owner: Web server administrator

high

4 of 5 recommended security headers are missing on aetna.com: CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy. These headers protect against clickjacking, MIME-sniffing, and unauthorized browser feature access. Adding them is a server configuration change with no application code changes required.

Compliance Impact

PCI-DSS 4.0Req 6.4.1

Security headers are required application controls

OWASPSecure Headers

Recommended baseline for web applications

Remediation Steps

Add Content-Security-Policy header (start with report-only to avoid breakage)

Add: X-Frame-Options: DENY (or SAMEORIGIN if you use iframes)

Add: Referrer-Policy: strict-origin-when-cross-origin

Add: Permissions-Policy: camera=(), microphone=(), geolocation=()

🔒

Unlock the full remediation plan

Get detailed steps, compliance mapping, and ownership for all 2 action items. Free — just enter your work email.

No spam. We'll only contact you about this report.

✓ Report unlocked. Scroll down for full details.

Upgrade to TLS 1.3

Effort: < 1 hour Owner: Web server administrator

low

aetna.com negotiated TLSv1.2. TLS 1.2 is still compliant under all major security frameworks and is not a vulnerability. TLS 1.3 offers faster handshakes and removes legacy cipher negotiation. This is a best-practice improvement, not a compliance gap.

Remediation Steps

Update web server config to prefer TLS 1.3 (nginx: ssl_protocols TLSv1.2 TLSv1.3)

Verify: openssl s_client -connect aetna.com:443 -tls1_3

Scan Findings

Security Headers

Critical

TLS Configuration

Warning

Known Breaches

Healthy

DMARC / Email Security

Healthy

DNS Configuration

Healthy

Certificate Hygiene

Healthy

CVE Exposure

Healthy

HSTS Header

Healthy