LynxRadar
Directory Scan Domain
Home  /  Directory  /  sats.com.sg
72
Conditional

sats.com.sg

Security posture assessment · Scanned February 15, 2026

Findings
5 · 1 · 2
Checks
8 passive
Executive Summary AI-GENERATED

sats.com.sg scored 72/100, meeting baseline requirements but with 1 finding that require attention. The vendor can proceed with a remediation timeline agreement.

Critical gaps in: HSTS Header, Security Headers. Positive signals: TLS Configuration, Known Breaches, CVE Exposure all passed.

3 action items identified, including 0 critical. The issues are configuration gaps, not architectural problems. A focused remediation effort of 2–5 days could address all findings.

Action Items
Ordered by priority · 3 items
1
Strengthen email authentication configuration
Effort: 2–4 hours   Owner: IT / DNS administrator
high
Email authentication is partially configured for sats.com.sg but has gaps. Actions needed: add SPF record. Until DMARC enforcement is active, spoofed emails may still reach recipients.
Compliance Impact
NIST CSFPR.AC-7
Email authentication is a required access control
Remediation Steps
1
Add SPF record if missing: v=spf1 include:_spf.google.com -all
2
Verify with: nslookup -type=txt _dmarc.sats.com.sg
2
Enable HSTS (HTTP Strict Transport Security)
Effort: < 1 hour   Owner: Web server administrator
high
The HSTS header is missing on sats.com.sg. Without it, connections can be downgraded from HTTPS to HTTP via man-in-the-middle attacks. This is a straightforward server configuration change.
Compliance Impact
PCI-DSS 4.0Req 6.4.1
Required application security controls
NIST 800-53SC-8
Transmission confidentiality and integrity
Remediation Steps
1
Add header: Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
2
Verify all subdomains support HTTPS before adding includeSubDomains
3
Test with: curl -sI https://sats.com.sg | grep -i strict
4
Submit to hstspreload.org after confirming the header is correct
3
Add missing security headers (CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy)
Effort: 1–2 hours   Owner: Web server administrator
high
5 of 5 recommended security headers are missing on sats.com.sg: CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy. These headers protect against clickjacking, MIME-sniffing, and unauthorized browser feature access. Adding them is a server configuration change with no application code changes required.
Compliance Impact
PCI-DSS 4.0Req 6.4.1
Security headers are required application controls
OWASPSecure Headers
Recommended baseline for web applications
Remediation Steps
1
Add Content-Security-Policy header (start with report-only to avoid breakage)
2
Add: X-Content-Type-Options: nosniff
3
Add: X-Frame-Options: DENY (or SAMEORIGIN if you use iframes)
4
Add: Referrer-Policy: strict-origin-when-cross-origin
5
Add: Permissions-Policy: camera=(), microphone=(), geolocation=()
6
Verify with: curl -sI https://sats.com.sg | grep -iE 'content-security|x-frame|x-content|referrer|permissions'
Scan Findings
HSTS Header
Critical
Security Headers
Critical
DMARC / Email Security
Warning
DNS Configuration
Healthy
Known Breaches
Healthy
TLS Configuration
Healthy
CVE Exposure
Healthy
Certificate Hygiene
Healthy
© 2026 LynxRadar · Security posture intelligence Directory · Scan a Domain · Sitemap