90
salesforce.com
Findings
6
·
2
·
0
Checks
8 passive
Executive Summary
AI-GENERATED
salesforce.com scored 90/100, demonstrating a strong security posture. Minor improvements are noted below.
Positive signals: Known Breaches, DMARC / Email Security, DNS Configuration all passed.
2 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.
Action Items
Ordered by priority · 2 items
1
Increase HSTS max-age duration
HSTS is enabled but the max-age (0s) is below the recommended minimum of 15768000s (6 months). A short max-age means browsers forget the HTTPS-only policy quickly, reducing protection between visits.
Compliance Impact
PCI-DSS 4.0Req 6.4.1
Application security header configuration
Remediation Steps
1
Update header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2
Verify: curl -sI https://salesforce.com | grep -i strict
Unlock the full remediation plan
Get detailed steps, compliance mapping, and ownership for all 2 action items. Free — just enter your work email.
No spam. We'll only contact you about this report.
✓ Report unlocked. Scroll down for full details.
2
Add optional security headers (CSP, Permissions-Policy)
salesforce.com has most security headers configured. Missing: CSP, Permissions-Policy. These are best-practice additions that reduce the attack surface for client-side vulnerabilities.
Remediation Steps
1
Add Content-Security-Policy header (start with report-only to avoid breakage)
2
Add: Permissions-Policy: camera=(), microphone=(), geolocation=()
3
Verify with: curl -sI https://salesforce.com | grep -iE 'content-security|x-frame|x-content|referrer|permissions'
Scan Findings
HSTS Header
Warning
Security Headers
Warning
Known Breaches
Healthy
DMARC / Email Security
Healthy
DNS Configuration
Healthy
TLS Configuration
Healthy
CVE Exposure
Healthy
Certificate Hygiene
Healthy