A-
92/100
1
Enable DNSSEC on your domain
DNS Configuration
Without DNSSEC, DNS responses for hotcleaner.com can be spoofed, potentially redirecting users to malicious sites. Enabling DNSSEC requires coordination with your domain registrar to publish DS records. Also consider adding a secondary DNS provider.
NIST 800-53 SC-20
Secure name/address resolution service
How to fix this
1. Check if your DNS provider supports DNSSEC (Cloudflare, Route53, etc.)
2. Enable DNSSEC signing in your DNS provider dashboard
3. Add the DS record to your registrar for .com TLD
4. Verify: dig +dnssec hotcleaner.com
At a glance
Full data from this scan
TLS Version
TLSv1.3
TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
DMARC Policy
p=reject
Strengths: DMARC policy set to reject (strongest); DMARC pct=100 — policy applies to all mail; DKIM alignment: strict (adkim=s); SPF alignment: strict (aspf=s); Aggregate reports (rua) configured; Forensic reports (ruf) configured; SPF soft-fail (~all) configured; SPF DNS lookup count: 1/10 (within limit); DKIM configured (selectors: google).
SPF Record
Present
v=spf1 include:_spf.google.com ~all
Security Headers
3/5 present
Missing: Referrer-Policy, Permissions-Policy
HSTS
Enabled
HSTS enabled: max-age=31536000s (365 days). includeSubDomains present. Missing preload directive.
SSL Certificate
Valid
Strengths: Certificate valid, 53 days remaining; Issued by Google Trust Services.
DNSSEC
Not enabled
Strengths: 2 nameservers configured (ns27.domaincontrol.com, ns28.domaincontrol.com); SOA record present and MNAME consistent with NS set; 5 MX record(s) present; Zone transfers properly restricted on all nameservers; Address records present: 1 A record(s), 1 AAAA record(s). Issues: All nameservers are from a single provider (domaincontrol.com) — a provider outage takes down the domain; DNSSEC not configured — DNS responses can be spoofed or tampered with in transit (DNS cache poisoning).