Overview
Findings
Actions
Details
Related
AI-Generated Summary
What this means
itctransco.com scored 78/100, meeting baseline requirements but with 6 findings that require attention. The vendor can proceed with a remediation timeline agreement.
Critical gaps in: Cookie Security, CVE Exposure. Positive signals: TLS Configuration, TLS Protocol Support, Known Breaches all passed.
3 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.
How itctransco.com compares
Grade distribution across 2655 companies we've scanned. itctransco.com scores better than 59% of them.
88
A+
27
A
191
A-
198
B+
75
B
371
B-
137
C+
117
C
342
C-
122
D+
95
D
261
D-
631
F
itctransco.com — Grade C+ (78/100)
2655 companies scanned
Security checks
Each check inspects a different part of itctransco.com's public security setup. Green means healthy, yellow needs attention, red is a problem.
Cookie Security
Strengths: 2 cookie(s) analyzed. Issues: 1/2 cookie(s) missing Secure flag (AWSALB); 2/2 cookie(s) missing HttpOnly flag (AWSALB, AWSALBCORS); 1/2 cookie(s) missing SameSite attribute (AWSALB).
CVE Exposure
Detected technologies: Apache/2.4.66. 1 critical-severity CVE(s) found (CVSS >= 9.0): CVE-2026-28780. Immediate patching recommended.
MX Records & Mail Provider
Strengths: Mail handled by Microsoft 365; 1 MX record(s) configured. Issues: Only 1 MX record — no failover if primary mail server is unavailable.
DNS Configuration
Strengths: 2 nameservers configured (ns55.worldnic.com., ns56.worldnic.com.); 1 MX records present; Zone transfers properly restricted. Issues: DNSSEC not configured — DNS responses can be spoofed.
MTA-STS & TLS Reporting
Issues: No MTA-STS configured — email in transit is vulnerable to TLS downgrade attacks. Sending servers cannot verify that your mail server requires TLS; No TLSRPT record — TLS delivery failures won't be reported to domain owner.
DNS CAA Records
No CAA records found. Without CAA, any Certificate Authority can issue certificates for this domain. Adding CAA records restricts issuance to authorized CAs only, reducing the risk of misissued certificates.
security.txt (RFC 9116)
No security.txt found. Publishing a security.txt at /.well-known/security.txt is the industry standard (RFC 9116) for vulnerability disclosure policies. Its absence may indicate a less mature security program.
Security Headers
3/5 security headers present. Missing: Referrer-Policy, Permissions-Policy.
TLS Configuration
TLSv1.3 negotiated with TLS_AES_128_GCM_SHA256 (128-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
TLS Protocol Support
Strengths: TLS 1.3 supported; TLS 1.2 supported; TLS 1.3 supported (strongest). Protocol support: TLS 1.3: Yes, TLS 1.2: Yes, TLS 1.1: No, TLS 1.0: No.
Known Breaches
No known breaches found in public disclosure databases.
HSTS Header
HSTS enabled: max-age=31536000s (365 days) with includeSubDomains and preload. Meets best-practice configuration.
DMARC / Email Security
Strengths: DMARC policy set to quarantine; SPF record present with hard-fail (-all); DKIM configured (selectors: selector1, selector2, cm).
Certificate Hygiene
Strengths: Certificate valid, 176 days remaining; Issued by Amazon.
Recommended actions
1 item
Steps to improve itctransco.com's security grade, ranked by impact.
1
Patch 1 critical CVE
Externally visible software on itctransco.com has 1 critical CVE (CVSS >= 9.0). Update the affected software to the latest patched version.
Compliance impact
NIST 800-53SI-2
Flaw remediation
PCI-DSS 4.0Req 6.3.3
Critical patches within 1 month
How to fix this
1
Review CVEs: CVE-2026-28780
2
Update affected software to latest patched versions
3
Verify patches applied: re-scan after update
4
Consider hiding server version headers to reduce future exposure
See all 2 remaining recommendations
Enter your work email to unlock the full action plan.
No spam. We only send security-related updates.
Report unlocked.
2
3
At a glance
Key data points from the scan.
TLS Version
TLSv1.3
TLSv1.3 negotiated with TLS_AES_128_GCM_SHA256 (128-bit). Strong configuration with no deprecated protocols or weak ciphers detected.
DMARC Policy
p=quarantine
Strengths: DMARC policy set to quarantine; SPF record present with hard-fail (-all); DKIM configured (selectors: selector1, selector2, cm).
SPF Record
Present
v=spf1 mx:itctransco.com include:service-now.com include:customers.clickdimensions.com include:spf.p
Security Headers
3/5 present
Missing: Referrer-Policy, Permissions-Policy
HSTS
Enabled
HSTS enabled: max-age=31536000s (365 days) with includeSubDomains and preload. Meets best-practice configuration.
SSL Certificate
Valid
Strengths: Certificate valid, 176 days remaining; Issued by Amazon.
DNSSEC
Not enabled
Strengths: 2 nameservers configured (ns55.worldnic.com., ns56.worldnic.com.); 1 MX records present; Zone transfers properly restricted. Issues: DNSSEC not configured — DNS responses can be spoofed.