Is network.ae safe to use as a vendor?

network.ae scored 78/100 on LynxRadar's security posture assessment. The domain partially meets security requirements with some gaps to address. 7 checks passed, 6 warnings, 1 critical issues across 14 passive checks including TLS, DMARC, security headers, breaches, and CVEs.

What TLS version does network.ae use?

network.ae uses TLSv1.2 with ECDHE-ECDSA-AES256-GCM-SHA384. TLSv1.2 negotiated. Issues: TLS 1.2 negotiated (1.3 preferred).

Does network.ae have security headers configured?

network.ae has 0 of 5 recommended security headers. Missing: CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy.

network.ae Security Report — Grade C+ (78/100)

Q: Does network.ae have DMARC configured?

Yes. network.ae's DMARC policy is set to 'reject'. SPF record: yes. Strengths: DMARC policy set to reject (strongest); DMARC pct=100 — policy applies to all mail; Aggregate reports (rua) configured; Forensic reports (ruf) configured; SPF hard-fail (-all) configured; SPF DNS lookup count: 3/10 (within limit); DKIM configured (selectors: s1, s2).

Q: Does network.ae use HSTS?

Yes. HSTS enabled: max-age=15768000s (182 days). Missing includeSubDomains — subdomains not covered. Missing preload directive.

Q: Is network.ae's SSL certificate valid?

Yes. Strengths: Certificate valid, 52 days remaining; Issued by DigiCert Inc.

Q: Does network.ae have DNSSEC enabled?

No. Strengths: 6 nameservers configured (a26-64.akam.net, a3-65.akam.net, a18-67.akam.net, a1-193.akam.net...); 2 MX record(s) present; Zone transfers properly restricted on all nameservers; Address records present: 1 A record(s), 2 AAAA record(s). Issues: All nameservers are from a single provider (akam.net) — a provider outage takes down the domain; SOA MNAME 'nidns2.networkuae.ae' not listed in NS records — possible lame delegation or stale primary nameserver reference; DNSSEC not configured — DNS responses can be spoofed or tampered with in transit (DNS cache poisoning).

C+

78/100

network.ae

May 17, 2026 ·

1+ Warnings 7 Passed

AI Summary

network.ae scored 78/100, meeting baseline requirements but with 6 findings that require attention. The vendor can proceed with a remediation timeline agreement.

Critical gaps in: Security Headers. Positive signals: MX Records & Mail Provider, HSTS Header, Cookie Security all passed.

3 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.

Better than 59% of 2675 companies scanned.

059th pct100

A+

A-

B+

B-

C+

C-

D+

D-

Security Headers

MTA-STS & TLS Reporting

DNS CAA Records

TLS Configuration

DNS Configuration

TLS Protocol Support

security.txt (RFC 9116)

MX Records & Mail Provider

HSTS Header

Cookie Security

Known Breaches

DMARC / Email Security

CVE Exposure

Certificate Hygiene

C+

network.ae

78/100

No critical issues — great work!

Add missing security headers (CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy)

Security Headers

1–2 hours High

5 of 5 recommended security headers are missing on network.ae: CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy. These headers protect against clickjacking, MIME-sniffing, and unauthorized browser feature access. Adding them is a server configuration change with no application code changes required.

PCI-DSS 4.0Req 6.4.1

Security headers are required application controls

OWASPSecure Headers

Recommended baseline for web applications

How to fix this

1Add a Content-Security-Policy header. Safe starting value (works with Google Fonts and inline styles/scripts): default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline'; upgrade-insecure-requests. Test your site after adding it, then tighten over time by removing 'unsafe-inline'.

2Add: X-Content-Type-Options: nosniff

3Add: X-Frame-Options: SAMEORIGIN (use DENY only if you never embed your pages in iframes)

4Add: Referrer-Policy: strict-origin-when-cross-origin

5Add: Permissions-Policy: camera=(), microphone=(), geolocation=()

2 items locked

Unlock the full action plan

Report unlocked.

At a glance

Full data from this scan

TLS Version

TLSv1.2

TLSv1.2 negotiated. Issues: TLS 1.2 negotiated (1.3 preferred).

DMARC Policy

p=reject

Strengths: DMARC policy set to reject (strongest); DMARC pct=100 — policy applies to all mail; Aggregate reports (rua) configured; Forensic reports (ruf) configured; SPF hard-fail (-all) configured; SPF DNS lookup count: 3/10 (within limit); DKIM configured (selectors: s1, s2).

SPF Record

Present

v=spf1 include:spf.protection.outlook.com include:_spf.salesforce.com include:spf-004da001.pphosted.

Security Headers

0/5 present

Missing: CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy

HSTS

Enabled

HSTS enabled: max-age=15768000s (182 days). Missing includeSubDomains — subdomains not covered. Missing preload directive.

SSL Certificate

Valid

Strengths: Certificate valid, 52 days remaining; Issued by DigiCert Inc.

DNSSEC

Not enabled

Strengths: 6 nameservers configured (a26-64.akam.net, a3-65.akam.net, a18-67.akam.net, a1-193.akam.net...); 2 MX record(s) present; Zone transfers properly restricted on all nameservers; Address records present: 1 A record(s), 2 AAAA record(s). Issues: All nameservers are from a single provider (akam.net) — a provider outage takes down the domain; SOA MNAME 'nidns2.networkuae.ae' not listed in NS records — possible lame delegation or stale primary nameserver reference; DNSSEC not configured — DNS responses can be spoofed or tampered with in transit (DNS cache poisoning).

Similar companies

Other domains with comparable security profiles.