Is gov.sg safe to use as a vendor?

gov.sg scored 82/100 on LynxRadar's security posture assessment. The domain meets baseline security requirements. 6 checks passed, 2 warnings, 0 critical issues across 8 passive checks including TLS, DMARC, security headers, breaches, and CVEs.

What TLS version does gov.sg use?

gov.sg uses TLSv1.2 with ECDHE-RSA-AES128-GCM-SHA256. TLSv1.2 negotiated. Issues: TLS 1.2 negotiated (1.3 preferred).

Does gov.sg have SPF configured?

No. No SPF record found for gov.sg.

Does gov.sg have security headers configured?

gov.sg has 4 of 5 recommended security headers. Present: CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy. Missing: Permissions-Policy.

B-

82/100

gov.sg

Q: Does gov.sg have DMARC configured?

Yes. gov.sg's DMARC policy is set to 'reject'. SPF record: no. Strengths: DMARC policy set to reject (strongest). Issues: No SPF record found; No DKIM records found for common selectors (may use non-standard selectors).

Q: Does gov.sg use HSTS?

Yes. HSTS enabled: max-age=31536000. Missing includeSubDomains. Missing preload directive.

Q: Is gov.sg's SSL certificate valid?

Yes. Strengths: Certificate valid, 250 days remaining; Issued by GlobalSign nv-sa.

Q: Does gov.sg have DNSSEC enabled?

Yes. Strengths: 4 nameservers configured (dsany2.sgnic.sg., pch.sgzones.sg., dsany3.sgnic.sg., dsany4.sgnic.sg.); DNSSEC enabled; Zone transfers properly restricted.

February 15, 2026 ·

2 Warnings 6 Passed 8 checks

Security checks — sorted by severity

TLS Configuration

TLSv1.2 negotiated. Issues: TLS 1.2 negotiated (1.3 preferred).

Needs work

DMARC / Email Security

Strengths: DMARC policy set to reject (strongest). Issues: No SPF record found; No DKIM records found for common selectors (may use non-standard selectors).

Needs work

HSTS Header

HSTS enabled: max-age=31536000. Missing includeSubDomains. Missing preload directive.

Passed

Security Headers

4/5 security headers present. Missing: Permissions-Policy.

Passed

Known Breaches

No known breaches found in public disclosure databases.

Passed

CVE Exposure

Detected technologies: AmazonS3, Proxy/CDN. (Proxy/CDN detected but excluded from CVE matching — upstream infrastructure). No version information exposed — CVE matching not possible (this is good practice).

Passed

DNS Configuration

Strengths: 4 nameservers configured (dsany2.sgnic.sg., pch.sgzones.sg., dsany3.sgnic.sg., dsany4.sgnic.sg.); DNSSEC enabled; Zone transfers properly restricted.

Passed

Certificate Hygiene

Strengths: Certificate valid, 250 days remaining; Issued by GlobalSign nv-sa.

Passed

Recommended actions 1+ items

Steps to improve gov.sg's security grade, ranked by impact.

Strengthen email authentication configuration

2–4 hours High

Email authentication is partially configured for gov.sg but has gaps. Actions needed: add SPF record; configure DKIM. Until DMARC enforcement is active, spoofed emails may still reach recipients.

NIST CSFPR.AC-7

Email authentication is a required access control

How to fix this

1 Add SPF record if missing: v=spf1 include:_spf.google.com -all

2 Configure DKIM and publish public key in DNS

3 Verify with: nslookup -type=txt _dmarc.gov.sg

See all 1 remaining recommendation

Enter your work email to unlock the full action plan.

No spam. We only send security-related updates.

Report unlocked.

AI Summary

What this means

gov.sg scored 82/100, demonstrating a strong security posture. Minor improvements are noted below.

Positive signals: HSTS Header, Security Headers, Known Breaches all passed.

2 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.

How gov.sg compares

Grade distribution across 2678 companies we've scanned. gov.sg scores better than 72% of them.

72th percentile

0 Percentile rank 100

A+

194

A-

200

B+

376

B-

137

C+

117

347

C-

123

D+

265

D-

632

gov.sg — Grade B- (82/100) 2678 companies scanned

At a glance

Key data points from the scan.

TLS Version

TLSv1.2

TLSv1.2 negotiated. Issues: TLS 1.2 negotiated (1.3 preferred).

DMARC Policy

p=reject

Strengths: DMARC policy set to reject (strongest). Issues: No SPF record found; No DKIM records found for common selectors (may use non-standard selectors).

SPF Record

Missing

No SPF record found.

Security Headers

4/5 present

Missing: Permissions-Policy

HSTS

Enabled

HSTS enabled: max-age=31536000. Missing includeSubDomains. Missing preload directive.

SSL Certificate

Valid

Strengths: Certificate valid, 250 days remaining; Issued by GlobalSign nv-sa.

DNSSEC

Enabled

Strengths: 4 nameservers configured (dsany2.sgnic.sg., pch.sgzones.sg., dsany3.sgnic.sg., dsany4.sgnic.sg.); DNSSEC enabled; Zone transfers properly restricted.

Similar companies

Other domains with comparable security profiles.