Is bnetdocs.org safe to use as a vendor?

bnetdocs.org scored 82/100 on LynxRadar's security posture assessment. The domain meets baseline security requirements. 8 checks passed, 5 warnings, 1 critical issues across 14 passive checks including TLS, DMARC, security headers, breaches, and CVEs.

Does bnetdocs.org have SPF configured?

Yes. SPF record: v=spf1 mx -all

Does bnetdocs.org have security headers configured?

bnetdocs.org has 5 of 5 recommended security headers. Present: CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy. All recommended headers present.

bnetdocs.org Security Report — Grade B- (82/100)

Q: What TLS version does bnetdocs.org use?

bnetdocs.org uses TLSv1.3 with TLS_AES_256_GCM_SHA384. TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.

Q: Does bnetdocs.org have DMARC configured?

No. bnetdocs.org's DMARC policy is set to 'none'. SPF record: yes. Strengths: SPF record present with hard-fail (-all); DKIM configured (selectors: mail). Issues: No DMARC record found — email spoofing is not prevented.

Q: Does bnetdocs.org use HSTS?

No. Strict-Transport-Security header is missing. Connections can be downgraded to HTTP via man-in-the-middle attacks.

Q: Is bnetdocs.org's SSL certificate valid?

Yes. Strengths: Certificate valid, 52 days remaining; Issued by Google Trust Services. Note: Wildcard certificate in use (*.domain) — covers all subdomains. Common practice; worth noting that compromise would affect all subdomains.

Q: Does bnetdocs.org have DNSSEC enabled?

Yes. Strengths: 2 nameservers configured (kevin.ns.cloudflare.com., jocelyn.ns.cloudflare.com.); 1 MX records present; DNSSEC enabled; Zone transfers properly restricted.

B-

82/100

bnetdocs.org

May 12, 2026 ·

1+ Warnings 8 Passed

AI Summary

bnetdocs.org scored 82/100, demonstrating a strong security posture. Minor improvements are noted below.

Critical gaps in: HSTS Header. Positive signals: DNS Configuration, TLS Protocol Support, TLS Configuration all passed.

2 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.

Better than 72% of 2676 companies scanned.

072th pct100

A+

A-

B+

B-

C+

C-

D+

D-

HSTS Header

MX Records & Mail Provider

MTA-STS & TLS Reporting

DNS CAA Records

DMARC / Email Security

security.txt (RFC 9116)

DNS Configuration

TLS Protocol Support

TLS Configuration

Security Headers

Cookie Security

Known Breaches

CVE Exposure

Certificate Hygiene

B-

bnetdocs.org

82/100

No critical issues — great work!

Enable HSTS (HTTP Strict Transport Security)

< 1 hour High

The HSTS header is missing on bnetdocs.org. Without it, connections can be downgraded from HTTPS to HTTP via man-in-the-middle attacks. This is a straightforward server configuration change.

PCI-DSS 4.0Req 6.4.1

Required application security controls

NIST 800-53SC-8

Transmission confidentiality and integrity

How to fix this

1Add header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

2Verify all subdomains support HTTPS before adding includeSubDomains

3Test with: curl -sI https://bnetdocs.org | grep -i strict

4Submit to hstspreload.org after confirming the header is correct

1 item locked

Unlock the full action plan

Report unlocked.

At a glance

Full data from this scan

TLS Version

TLSv1.3

TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.

DMARC Policy

Not configured

Strengths: SPF record present with hard-fail (-all); DKIM configured (selectors: mail). Issues: No DMARC record found — email spoofing is not prevented.

SPF Record

Present

v=spf1 mx -all

Security Headers

5/5 present

All headers configured.

HSTS

Not enabled

Strict-Transport-Security header is missing. Connections can be downgraded to HTTP via man-in-the-middle attacks.

SSL Certificate

Valid

Strengths: Certificate valid, 52 days remaining; Issued by Google Trust Services. Note: Wildcard certificate in use (*.domain) — covers all subdomains. Common practice; worth noting that compromise would affect all subdomains.

DNSSEC

Enabled

Strengths: 2 nameservers configured (kevin.ns.cloudflare.com., jocelyn.ns.cloudflare.com.); 1 MX records present; DNSSEC enabled; Zone transfers properly restricted.

Similar companies

Other domains with comparable security profiles.