agapebabies.com

B-
Pass · 80/100
0 critical · 4 warnings · 6 passing
July 08, 2026
1+ Warnings 6 Passed
Trust Score Trend
→ No change since July 2026
Score
100 75 50 25 0
B-
agapebabies.com
80/100
AI Summary

1 critical gap in Cookie Security. MX Records & Mail Provider, TLS Configuration, and TLS Protocol Support are solid. A 1–2 day focused effort could reach 95+.

Compliance & Certifications
Not yet verified
SOC 2 TYPE II
SOC 2 Type II
Audited Feb 2025
3rd party · AICPA
Claim this profile
ISO 27001
ISO 27001
Valid through Dec 2026
3rd party · BSI
Claim this profile
GDPR
GDPR
DPA available
Self-reported
Claim this profile
CCPA
CCPA
Updated 2025
Self-reported
Claim this profile
Incident History
Mar 2025
Sample incident title
Jan 2024
Sample incident title
Coming soon
Security Posture
4 items need attention
6 passed
Strengthen email authentication configuration
DMARC / Email Security
2–4 hours

Email authentication is partially configured for agapebabies.com but has gaps. Actions needed: upgrade DMARC policy from 'none' to 'quarantine' or 'reject'. Until DMARC enforcement is active, spoofed emails may still reach recipients.

NIST CSFPR.AC-7
Email authentication is a required access control
How to fix this
1Upgrade DMARC policy to p=quarantine (then p=reject after monitoring)
2Verify with: nslookup -type=txt _dmarc.agapebabies.com
View all 6 passed checks
MX Records & Mail Provider
TLS Protocol Support
TLS Configuration
Known Breaches
CVE Exposure
Certificate Hygiene
Company Signals
Not yet verified
Funding, headcount, and leadership data require a claimed, verified profile.
Claim profile →
Trust Resources
Not yet verified
Trust Center, security page, and policy links appear once auto-detected or claimed.
Claim profile →
TLS Version
TLSv1.3
TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
DMARC Policy
p=none
Strengths: DMARC pct=100 — policy applies to all mail; SPF soft-fail (~all) configured; SPF DNS lookup count: 1/10 (within limit); DKIM configured (selectors: default, mandrill). Issues: DMARC policy is 'none' (monitoring only, no enforcement); DMARC has no aggregate report URI (rua) — policy violations won't be reported.
SPF Record
Present
v=spf1 include:spf.titan.email ~all
Security Headers
3/5 present
Missing: Referrer-Policy, Permissions-Policy
HSTS
Not enabled
HSTS configured with max-age=7889238s (91 days) — below the recommended 180-day minimum (15552000s). Browsers will enforce HTTPS but the policy caches for a short window. Increase max-age to 15552000 or higher.
Known Breaches
None found
No known breaches found in public disclosure databases.
CVE Exposure
Clear
Detected technologies: cloudflare. (cloudflare detected but excluded from CVE matching — upstream infrastructure). All detected technologies are upstream CDN/proxy infrastructure. No application-level software versions exposed.
SSL Certificate
Valid
Strengths: Certificate valid, 38 days remaining; Issued by Let's Encrypt.
DNSSEC
Not enabled
Strengths: 2 nameservers configured (major.ns.cloudflare.com, sima.ns.cloudflare.com); SOA record present and MNAME consistent with NS set; 2 MX record(s) present; Zone transfers properly restricted on all nameservers; Address records present: 1 A record(s). Issues: All nameservers are from a single provider (cloudflare.com) — a provider outage takes down the domain; DNSSEC not configured — DNS responses can be spoofed or tampered with in transit (DNS cache poisoning).
Similar companies
Appears in
Curated lists (SOC 2 certified vendors, top-rated by industry) are coming soon as compliance data is verified.