Is request.network safe to use as a vendor?

request.network scored 90/100 on LynxRadar's security posture assessment. The domain meets baseline security requirements. 7 checks passed, 0 warnings, 1 critical issues across 8 passive checks including TLS, DMARC, security headers, breaches, and CVEs.

Does request.network have security headers configured?

request.network has 2 of 5 recommended security headers. Present: X-Content-Type-Options, Referrer-Policy. Missing: CSP, X-Frame-Options, Permissions-Policy.

request.network Security Report — Grade A- (90/100)

Q: What TLS version does request.network use?

request.network uses TLSv1.3 with TLS_AES_256_GCM_SHA384. TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.

Q: Does request.network have DMARC configured?

Yes. request.network's DMARC policy is set to 'reject'. SPF record: yes. Strengths: DMARC policy set to reject (strongest); SPF record present with hard-fail (-all); DKIM configured (selectors: google, s1, s2).

Q: Does request.network have SPF configured?

Yes. SPF record: v=spf1 a mx include:_spf.google.com include:u2199673.wl174.sendgrid.net -all

Q: Does request.network use HSTS?

Yes. HSTS enabled: max-age=31536000. includeSubDomains present. Missing preload directive.

Q: Is request.network's SSL certificate valid?

Yes. Strengths: Certificate valid, 89 days remaining; Issued by Google Trust Services.

Q: Does request.network have DNSSEC enabled?

Yes. Strengths: 2 nameservers configured (maciej.ns.cloudflare.com., gene.ns.cloudflare.com.); 3 MX records present; DNSSEC enabled; Zone transfers properly restricted.

A- 90/100

request.network

February 18, 2026 ·

1 Warnings 7 Passed

AI Summary

request.network scored 90/100, demonstrating a strong security posture. No material issues found.

Critical gaps in: Security Headers. Positive signals: Known Breaches, TLS Configuration, CVE Exposure all passed.

1 action item identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.

Better than 88% of 2692 companies scanned.

088th pct100

A+

A-

B+

B-

C+

C-

D+

D-

A-

request.network

90/100

Add missing security headers (CSP, X-Frame-Options, Permissions-Policy)

1–2 hours

3 of 5 recommended security headers are missing on request.network: CSP, X-Frame-Options, Permissions-Policy. These headers protect against clickjacking, MIME-sniffing, and unauthorized browser feature access. Adding them is a server configuration change with no application code changes required.

PCI-DSS 4.0Req 6.4.1

Security headers are required application controls

OWASPSecure Headers

Recommended baseline for web applications

How to fix this

1Add Content-Security-Policy header (start with report-only to avoid breakage)

2Add: X-Frame-Options: DENY (or SAMEORIGIN if you use iframes)

3Add: Permissions-Policy: camera=(), microphone=(), geolocation=()

At a glance

Full data from this scan

TLS Version

TLSv1.3

TLSv1.3 negotiated with TLS_AES_256_GCM_SHA384 (256-bit). Strong configuration with no deprecated protocols or weak ciphers detected.

DMARC Policy

p=reject

Strengths: DMARC policy set to reject (strongest); SPF record present with hard-fail (-all); DKIM configured (selectors: google, s1, s2).

SPF Record

Present

v=spf1 a mx include:_spf.google.com include:u2199673.wl174.sendgrid.net -all

Security Headers

2/5 present

Missing: CSP, X-Frame-Options, Permissions-Policy

HSTS

Enabled

HSTS enabled: max-age=31536000. includeSubDomains present. Missing preload directive.

SSL Certificate

Valid

Strengths: Certificate valid, 89 days remaining; Issued by Google Trust Services.

DNSSEC

Enabled

Strengths: 2 nameservers configured (maciej.ns.cloudflare.com., gene.ns.cloudflare.com.); 3 MX records present; DNSSEC enabled; Zone transfers properly restricted.

Similar companies